ATTENTION, Public Service Announcement: Do not upgrade your npm. Do not upgrade to 5.7.0, released yesterday.

It changes file permissions of /etc, /boot, /user, … when run with sudo. Avoid, duck, cover, whimper.

github.com/npm/npm/issues/1988

Follow

@rixx Wow. I'm seeing so much misinformation about this -- was this a prerelease marked as a release, or are all the victims running prerelease code in prod environments?

@mdm I did post the information that this was a pre release. A warning is still warranted, imo. People usually don't keep track of the various versioning systems projects employ, since most projects have gravitated towards semver.

Sign in to participate in the conversation
McNamarii Town

This is a private mastodon server for members of the Team McNamara Group.