Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
donnico12197yTurns out that is not the cli fault but when running yarn global upgrade yarn pulls this trick
-
donnico12197y@Vip3rDev apparently is a Yarn issue yes! Npm or yarn they both install the same packages :)
-
heikomat6867yDon't install it globally then. Add the CLI to the devDepebdencies of the project you need it for, then run it via package.json-script (using its name like you would if it was installed globally) or from the terminal with ./node_modules/.bin/the-clis-name
-
donnico12197y@heikomat nah not possible is a cli written in node but is to manage IOT devices and is not a dependency of a project
Related Rants
So today it finally happened.
Npm modules broke my system and / or endangered the security of my system.
Installed a global cli utility
That utility depends on package A
That depends on package B
That fucking install a bin called sudo
Yeah.. You heard it right a bin called sudo.
This bin goes in the global module folder that is piped in your path variable.
Now everytime you type sudo you are running somebody else code instead of your system utility.
I am shivering and at loss of swear words.
Opened an issue on the cli that started this matrioska game of horror.
Who the fuck tought that a bin called sudo would be a good fucking idea?
Oh and yes is even an harmless package that try to provide the sudo experience for windows (I went in to check the code of course..)
And I frigging need that cli for work
For now I aliased the sudo in my bashrc still i feel vulnerable and naked now.
rant
fuck this shit
security
windows
npm