Node.js Package Manager Vulnerability

A major vulnerability has been discovered in Node.js package manager (npm).

The attack is pretty simple and is detailed in the SOFTPEDIA article. The npm system leaves authors logged in by default and requires you to log out. If someone writes a malicious module and uploads it to NPM, when another user downloads it and is also an author, the malicious package can now upload itself to all the authors module, causing it to spread.

Hopefully the team over at Node.js / npm is working on fix. The easiest solution would be to remove the always logged in feature and re-require authentication when uploading modules to the npm registry.

Accepting Users and Comments

I am pleased to announce that we are now accepting new users to CodeRiot! As a user, you can create your own blog or comment on other user's blog posts.

Sign Up - Create an account today!

We currently support simple markdown for blog posts and comments. You can link to any site, image on the web or include YouTube videos. If you have any problems, please send an email to and I would be glad to assist you.

Welcome to CodeRiot!

Welcome to CodeRiot!

Welcome to the very first article on CodeRiot! Over the coming weeks and months, this website will start hosting well moderated and interesting programming conversations. I look forward to finding and sharing current programming wisdom. Additionally, here at CodeRiot! we will create the best code and project management software available.

We are proud believer in Open Source software and always looking to give back to the Open Source communication. To show our dedication to this wonderful community all, products and tools will be available free of charge to anyone developing Open Source software.

Welcome to CodeRiot!