author | Forrest L Norvell <forrest@npmjs.com> | 2014-09-28 00:37:52 +0400 |
---|---|---|
committer | Forrest L Norvell <forrest@npmjs.com> | 2014-09-28 00:37:52 +0400 |
commit | 4b2d95d0641435b09d047ae5cb2226f292bf38f0 (patch) | |
tree | 514b0a8b50588eb1e7efc40f0fb1a88dff1fb6ee /lib/npm.js | |
parent | 8e1e659faa652557236fdec7c3749c5ba7e6f3a0 (diff) |
efficiently validate tmp tarballs safely
Only validate tarballs when necessary, validate them locally, and make
sure that each one that's being validated is being unpacked to a
different directory. Fixes #6329.
Diffstat (limited to 'lib/npm.js')
-rw-r--r-- | lib/npm.js | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/npm.js b/lib/npm.js
index c811be5a9..666bc885f 100644
--- a/lib/npm.js
+++ b/lib/npm.js
@@ -424,11 +424,7 @@ Object.defineProperty(npm, "cache",
 })
 var tmpFolder
-var crypto = require("crypto")
-var rand = crypto.randomBytes(6)
- .toString("base64")
- .replace(/\//g, '_')
- .replace(/\+/, '-')
+var rand = require("crypto").randomBytes(4).toString("hex")
 Object.defineProperty(npm, "tmp",
 { get : function () {
 if (!tmpFolder) tmpFolder = "npm-" + process.pid + "-" + rand |
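Review bot: The new `rand` line cuts the random suffix of the `npm-<pid>-<rand>` temp folder name from 6 random bytes to 4, and nothing in the hunk records whether 32 bits is meant to be enough. Switching to hex is sound, since it removes the path-unsafe characters the old base64 code had to patch up (its `.replace(/\+/, '-')` had no `g` flag), but the length could stay at `require("crypto").randomBytes(6).toString("hex")` at no cost. If the tmp root can be a shared directory, the suffix should not be the only protection: the code that creates the folder, which is outside this hunk, should fail on a pre-existing path and create the directory with owner-only permissions. A one-line comment such as `// uniqueness only; directory creation must not trust a pre-existing path` above `var rand` would record that intent. The `npm.tmp` getter continues past the end of the hunk.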