Last active
December 16, 2015 06:29
-
-
Save glasser/5391502 to your computer and use it in GitHub Desktop.
Shell script showing how the NPM cache can be corrupted
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eux | |
NPM=/usr/local/bin/npm | |
TESTDIR=`mktemp -d -t npm-test-XXXXXXXX` | |
cd $TESTDIR | |
echo "Deleting your local NPM cache" | |
$NPM cache clean | |
$NPM install https://github.com/glasser/npm-cache-corruption/tarball/93c447e | |
rm -rf node_modules | |
$NPM install npm-cache-corruption | |
echo | |
echo | |
echo "We just installed the module specifying a version, not a tarball." | |
echo "So we should not find this string which is only on the tarball." | |
echo "Do we?" | |
echo | |
grep GitHub node_modules/npm-cache-corruption/index.js | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ bash npm-test.sh | |
+ NPM=/usr/local/bin/npm | |
++ mktemp -d -t npm-test-XXXXXXXX | |
+ TESTDIR=/var/folders/2k/tmccc7sj7pg2c0qt6646cz8r0000gn/T/npm-test-XXXXXXXX.1SnI6gkA | |
+ cd /var/folders/2k/tmccc7sj7pg2c0qt6646cz8r0000gn/T/npm-test-XXXXXXXX.1SnI6gkA | |
+ echo 'Deleting your local NPM cache' | |
Deleting your local NPM cache | |
+ /usr/local/bin/npm cache clean | |
+ /usr/local/bin/npm install https://github.com/glasser/npm-cache-corruption/tarball/93c447e | |
npm http GET https://github.com/glasser/npm-cache-corruption/tarball/93c447e | |
npm http 200 https://github.com/glasser/npm-cache-corruption/tarball/93c447e | |
npm WARN package.json npm-cache-corruption@0.0.1 No README.md file found! | |
npm-cache-corruption@0.0.1 node_modules/npm-cache-corruption | |
+ rm -rf node_modules | |
+ /usr/local/bin/npm install npm-cache-corruption | |
npm http GET https://registry.npmjs.org/npm-cache-corruption | |
npm http 200 https://registry.npmjs.org/npm-cache-corruption | |
npm WARN package.json npm-cache-corruption@0.0.1 No README.md file found! | |
npm-cache-corruption@0.0.1 node_modules/npm-cache-corruption | |
+ echo | |
+ echo | |
+ echo 'We just installed the module specifying a version, not a tarball.' | |
We just installed the module specifying a version, not a tarball. | |
+ echo 'So we should not find this string which is only on the tarball.' | |
So we should not find this string which is only on the tarball. | |
+ echo 'Do we?' | |
Do we? | |
+ echo | |
+ grep GitHub node_modules/npm-cache-corruption/index.js | |
console.log("This is the version you get from GitHub."); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment