efficiently validate tmp tarballs safely

Only validate tarballs when necessary, validate them locally, and make sure that each one that's being validated is being unpacked to a different directory. Fixes #6329.
author: Forrest L Norvell <forrest@npmjs.com> 2014-09-28 00:37:52 +0400
committer: Forrest L Norvell <forrest@npmjs.com> 2014-09-28 00:37:52 +0400
commit: 4b2d95d0641435b09d047ae5cb2226f292bf38f0 (patch)
tree: 514b0a8b50588eb1e7efc40f0fb1a88dff1fb6ee /lib/npm.js
parent: 8e1e659faa652557236fdec7c3749c5ba7e6f3a0 (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/npm.js b/lib/npm.js
index c811be5a9..666bc885f 100644
--- a/lib/npm.js
+++ b/lib/npm.js
@@ -424,11 +424,7 @@ Object.defineProperty(npm, "cache",
   })
 
 var tmpFolder
-var crypto = require("crypto")
-var rand = crypto.randomBytes(6)
-                 .toString("base64")
-                 .replace(/\//g, '_')
-                 .replace(/\+/, '-')
+var rand = require("crypto").randomBytes(4).toString("hex")
 Object.defineProperty(npm, "tmp",
   { get : function () {
       if (!tmpFolder) tmpFolder = "npm-" + process.pid + "-" + rand
author	Forrest L Norvell <forrest@npmjs.com>	2014-09-28 00:37:52 +0400
committer	Forrest L Norvell <forrest@npmjs.com>	2014-09-28 00:37:52 +0400
commit	4b2d95d0641435b09d047ae5cb2226f292bf38f0 (patch)
tree	514b0a8b50588eb1e7efc40f0fb1a88dff1fb6ee /lib/npm.js
parent	8e1e659faa652557236fdec7c3749c5ba7e6f3a0 (diff)