by Figs
4159 days ago
It's possible to write malicious Makefiles that do things like:

    install:
        rm -rf /*

If you just `git clone <evil-repo> . && make` or `git clone <evil-repo> . && sudo make install` then sure, you'll be burned too. You should always check what a build system is going to do before running it. Most people would expect that packages from a package manager have already been checked by someone who knows what they're doing before being made available to the public though (like Debian). This is apparently not the case for npm.
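The "check what it's going to do before running it" advice applied to npm, as an added example (not part of the comment above): npm runs certain lifecycle hooks automatically during `npm install`, so a reviewer can list them from a package's manifest before letting the install proceed. The sample manifest and package name are constructed for the example.

```javascript
// Added example: enumerate the package.json lifecycle hooks that npm runs
// automatically on install, so a reviewer sees what would execute first.
const AUTO_RUN_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Returns [{ hook, command }] for every auto-run hook the manifest defines.
// Throws on malformed JSON or a non-object `scripts` field rather than
// silently treating a broken manifest as "no scripts".
function auditLifecycleScripts(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const scripts = manifest.scripts;
  if (scripts === undefined) return [];
  if (scripts === null || typeof scripts !== "object" || Array.isArray(scripts)) {
    throw new TypeError("package.json `scripts` must be an object");
  }
  return AUTO_RUN_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Constructed sample manifest (hypothetical package, not a real one).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-pkg",
  version: "1.0.0",
  scripts: {
    test: "node test.js",              // only runs when you ask for it
    postinstall: "node ./scripts/setup.js", // runs on every install
    prepare: "npm run build",          // runs on install from git / local
  },
});

// Print what an `npm install` of this package would execute before installing.
for (const { hook, command } of auditLifecycleScripts(SAMPLE_PACKAGE_JSON)) {
  console.log(`${hook}: ${command}`);
}
```

If the listed commands are not something you want to run, `npm install --ignore-scripts` installs the files without executing any of them; for a Makefile, `make -n` prints the commands a target would run without running them.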