by tete 4155 days ago
Well, even if it wasn't a post/pre install, even a node library can fork that exact command, upload your home directory, etc.

That's actually the reason it isn't just dangerous if run as root. Many people have huge amounts of sensitive information and data with read and write access.

A library could of course also fetch even more data. One could create an npm-based botnet.
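An added example, not part of the comment above: a small Node.js audit that reports, for each package under `node_modules`, both its install hooks and the sensitive core modules its top-level files load, showing that a package with no pre/post install script can still reach `child_process`. The package names, the `SENSITIVE` list and the sample tree are constructed for illustration, and a static `require` match is a heuristic, not proof that a package is clean.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

const HOOKS = ['preinstall', 'install', 'postinstall'];
// Assumed watch list: core modules that give process, file or network access.
const SENSITIVE = ['child_process', 'fs', 'net', 'http', 'https'];
const REQUIRE_RE = /require\(\s*['"](?:node:)?([\w/]+)['"]\s*\)/g;

// Report install hooks and sensitive requires for one package directory.
function auditPackage(dir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const hooks = HOOKS.filter((h) => manifest.scripts && manifest.scripts[h]);
  const modules = new Set();
  for (const file of fs.readdirSync(dir).filter((f) => f.endsWith('.js'))) {
    const src = fs.readFileSync(path.join(dir, file), 'utf8');
    for (const m of src.matchAll(REQUIRE_RE)) {
      if (SENSITIVE.includes(m[1])) modules.add(m[1]);
    }
  }
  return { name: manifest.name, hooks, modules: [...modules].sort() };
}

// Audit unscoped packages directly under <root>/node_modules (skips .bin, @scope).
function auditTree(root) {
  const nm = path.join(root, 'node_modules');
  return fs.readdirSync(nm).sort()
    .filter((d) => fs.existsSync(path.join(nm, d, 'package.json')))
    .map((d) => auditPackage(path.join(nm, d)));
}

// Constructed sample: one package with a postinstall hook, and one with no
// hook at all that still loads child_process when the library is required.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'npm-audit-demo-'));
  const pkgs = {
    'hook-pkg': [{ name: 'hook-pkg', scripts: { postinstall: 'node setup.js' } }, 'module.exports = 1;'],
    'quiet-pkg': [{ name: 'quiet-pkg' }, "const cp = require('child_process');\nmodule.exports = cp;"],
  };
  for (const [name, [manifest, src]] of Object.entries(pkgs)) {
    const dir = path.join(root, 'node_modules', name);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(manifest));
    fs.writeFileSync(path.join(dir, 'index.js'), src);
  }
  return root;
}

console.log(JSON.stringify(auditTree(buildSampleTree()), null, 2));
```

Disabling lifecycle scripts only addresses the first finding; the second is why dependencies are better run under an account or sandbox that cannot read the rest of the home directory.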