Skip to content
This repository has been archived by the owner on Apr 7, 2021. It is now read-only.

[BUG] existing shell command will mask scoped package with the same name #23

Open
dr-js opened this issue Nov 8, 2019 · 2 comments
Open

[BUG] existing shell command will mask scoped package with the same name #23

dr-js opened this issue Nov 8, 2019 · 2 comments

Comments

@dr-js
Copy link

dr-js commented Nov 8, 2019
edited

What / Why

executing command like npx @dr-js/node will run node directly
but with added tag or version like npx @dr-js/node@dev, the correct package will install and run

also can test with existing command like npx @qwerty/git will just run git

When

when using npx to run a scoped package and:

  • have a name same as existing shell command, like: npx @dr-js/node
  • do not specify extra version or tag like: npx @dr-js/node@dev

Where

  • n/a

How

Current Behavior

  • n/a
~# npx @dr-js/node
Welcome to Node.js v12.13.0.
Type ".help" for more information.
>

Steps to Reproduce

  • n/a

Expected Behavior

  • n/a
~# npx @dr-js/node
npx: installed 2 in 3.437s
CLI Usage:
  --config --c -c [OPTIONAL] [ARGUMENT=1]
      from ENV: set to "env"
      from JS/JSON file: set to "path/to/config.js|json"
  --help --h -h [OPTIONAL] [ARGUMENT=0+]
      show full help
  --version --v -v [OPTIONAL] [ARGUMENT=0+]
  ...

Who

  • n/a

References

  • n/a
@dr-js dr-js changed the title [QUESTION] existing shell command will mask scoped package with the same name [BUG] existing shell command will mask scoped package with the same name Nov 8, 2019
@ocoka
Copy link

ocoka commented Jul 10, 2020

its security risk and hard to debug
Raagh/angular-karma_test-explorer#82

@karfau
Copy link

karfau commented Jul 11, 2020

zkat/npx#236

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@karfau @ocoka @dr-js