http://bugzilla.opensuse.org/show_bug.cgi?id=1082287 Bug ID: 1082287 Summary: VUL-0: npm: Critical Linux filesystem permissions are being changed by latest version Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: jmassaguerpla@suse.com Reporter: kbabioch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- By using sudo npm on a non-root user (root users do not have the same effect), filesystem permissions are being modified. For example, if I run sudo npm --help or sudo npm update -g, all commands starting with sudo npm cause my filesystem to change ownership of directories such as /etc, /usr, /boot, and other critical directories needed for running the system to the current user running the command. References: https://github.com/npm/npm/issues/19883 -- You are receiving this mail because: You are on the CC list for the bug.