A major vulnerability in npm crashes Linux systems

A major npm vulnerability crashed Linux systems, forcing users to reinstall. npm user Crunkle pointed out that npm 5.7.0 completely broke his file system permissions, forcing him to manually fix permissions on important documents and folders.

npm, short for Node Package Manager, is the package manager for the JavaScript programming language and the default package manager for Node.js. It provides libraries and plugins for Node.js, Ember, jQuery, Bootstrap, React, Angular and many other JavaScript frameworks.

According to an npm bug report on GitHub, npm user Crunkle pointed out that npm 5.7.0 completely broke his file system permissions, forcing him to manually patch permissions on major documents and folders. Another user, juggy, said that a single npm 5.7.0 deployment destroyed 3 working servers. AWS EC2 Linux AMI user redboltz also said that after deploying npm 5.7.0, he was unable to execute sudo commands and had to rebuild the EC2 instance. Changing file permissions may cause the program or system to crash, or even fail to boot.

npm, Inc. released npm 5.7.1 the next day to patch the problem. Because the company uses a two-phase update process with npm@next and npm@latest, npm 5.7.0 was released to npm@next first, while npm@latest was not affected, so users on the npm@latest update channel were not affected.
