npm is a package manager for the JavaScript programming language maintained by npm, Inc. npm is the default package manager for the JavaScript runtime environment Node.js. It consists of a command line client, also called npm, and an online database of public and paid-for private packages, called the npm registry. The registry is accessed via the client, and the available packages can be browsed and searched via the npm website. The package manager and the registry are managed by npm, Inc.

npm is officially a "recursive bacronymic abbreviation for 'npm is not an acronym'". However, the initial commit of npm referred to it as the "Node Package Manager". The expansion of the name was changed in 2014. npm is written entirely in JavaScript and was developed by Isaac Z. Schlueter as a result of having "seen module packaging done terribly" and with inspiration from other similar projects such as PEAR (PHP) and CPAN (Perl).

In March 2016, npm attracted press attention after a package called left-pad, which many popular JavaScript packages depended on, was unpublished as the result of a naming dispute between Azer Koçulu, a self-taught software engineer, and Kik. Although the package was republished three hours later, it caused widespread disruption, leading npm to change its policies regarding unpublishing to prevent a similar event in the future. In February 2018, an issue was discovered in version 5.7.0 in which running sudo npm on Linux systems would change the ownership of system files, permanently breaking the operating system. In July 2018, the npm credentials of a maintainer of the popular eslint-scope package were compromised, resulting in a malicious release of eslint-scope, version 3.7.2. The malicious code copied the npm credentials of the machine running eslint-scope and uploaded them to the attacker. In November 2018, it was discovered that a malicious package had been added as a dependency to version 3.3.6 of the popular package event-stream.
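
The two malicious releases named on this page, eslint-scope 3.7.2 and event-stream 3.3.6, are exact versions, so a project's lockfile can be checked for them directly. The following is an added example, not code from the original page or from npm; it assumes the package-lock.json layouts npm writes (a `packages` map keyed by install path in lockfileVersion 2 and 3, nested `dependencies` objects in lockfileVersion 1), and the function names and sample lockfiles are constructed for illustration.

```javascript
// Added example: flag lockfile entries pinned to the malicious releases named on this page.
const KNOWN_BAD = new Map([
  ['eslint-scope', ['3.7.2']],
  ['event-stream', ['3.3.6']],
]);
const isBad = (name, version) => (KNOWN_BAD.get(name) || []).includes(version);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// lockfileVersion 1: dependencies nest inside the package that installed them.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = trail.concat(name);
    if (isBad(name, info.version)) hits.push({ name, version: info.version, via: path.join(' > ') });
    walkV1(info.dependencies, path, hits);
  }
}

// Return every entry of a parsed package-lock.json that matches KNOWN_BAD.
function findKnownBad(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; '' is the root project.
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path === '') continue;
      const name = info.name || nameFromPath(path);
      if (isBad(name, info.version)) hits.push({ name, version: info.version, via: path });
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/eslint-scope': { version: '4.0.0' },
  'node_modules/some-tool/node_modules/event-stream': { version: '3.3.6' },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  eslint: { version: '4.19.1', dependencies: { 'eslint-scope': { version: '3.7.2' } } },
  'event-stream': { version: '3.3.4' },
} };
console.log(JSON.stringify([findKnownBad(SAMPLE_V3), findKnownBad(SAMPLE_V1)], null, 2));
```

The `via` field shows which install path or parent chain pulled the flagged version in, which matters because both packages are usually transitive dependencies rather than entries in a project's own package.json.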