npm doesn't check package signatures, should www/npm print security alert?
Yuri
yuri at rawbw.com
Tue Mar 17 09:16:02 UTC 2015
On 03/16/2015 12:57, Yuri wrote:
> www/npm downloads and installs packages without having signature
> checking in place.
> There is the discussion about package security
> https://github.com/node-forward/discussions/issues/29 , but actual
> checking isn't currently done.
I added the pkg-message with security advisories about this:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198653
Yuri
More information about the freebsd-security mailing list