
[Security] prompting for photos, contacts, calendars...

Open rk opened this issue 5 years ago • 3 comments

Describe the bug

Running npkill resulted in prompts for access to my: contacts, pictures, and calendars. I promptly stopped the process!

To Reproduce

Steps to reproduce the behavior:

  1. Launch terminal.app or iTerm2 (v3.3.7)
  2. $ npx npkill
  3. See screenshot:
    prompt

Expected behavior

Yes, by running npkill I granted access to my system. However, I didn't expect the package or its dependencies to be compromised by malware.

Screenshots

prompt

  • OS: macOS Mojave 10.14.6 (18G1012)
  • Version Latest (not installed)

rk avatar Dec 06 '19 19:12 rk

@rk This is not malware. These dialogs are part of macOS's security features, which require approval when any application tries to access certain directories. Since you ran npkill directly on your home directory, npkill will go through all the folders in your home directory, including contacts, photos, etc., triggering these permission dialogs. (You'd see more dialogs on macOS Catalina.)

Instead of running it on your home directory, you can run npkill on a specific subdirectory. Then these dialogs wouldn't come up.

niranjan94 avatar Jun 24 '20 10:06 niranjan94

@niranjan94 I'm pretty sure I ran it on my ~/Sites folder and got those same prompts. I know that there are no symlinks out to my home directory within that subfolder.

rk avatar Jun 24 '20 13:06 rk

Hmm okay ... Because I had accidentally run it on my home directory once and got similar prompts ... And when I noticed a similar issue (this) here, I thought maybe you might be facing the same issue too 😄

niranjan94 avatar Jun 24 '20 14:06 niranjan94

I am not familiar with the macOS alert system and the type of actions that trigger it. However, you can rest assured. Npkill is not intended to do anything malicious to your computer.

PS: In the past we discovered a problem where in some very rare situations paths were trimmed from the result. I THINK that maybe because of the above, it proceeded to read the size of a parent directory. If this theory is correct, it should not happen again.

zaldih avatar Sep 30 '22 17:09 zaldih
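
The two behaviours discussed in this thread, as an added example that is not part of any comment above and is not npkill's code: a scanner that finds node_modules without descending into directories macOS guards with privacy prompts, and a containment check that rejects a result trimmed to a parent directory before its size is read. The protected path list and every function name here are assumptions made for illustration.

```javascript
// Added example, not npkill's code. All function names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Assumption: home-relative locations that macOS gates behind privacy prompts.
const PROTECTED = [
  'Library/Application Support/AddressBook', // contacts
  'Library/Calendars', // calendars
  'Pictures/Photos Library.photoslibrary', // photos
];

// True when candidate is root itself or lies below it once ".." is resolved.
function isInside(root, candidate) {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Collect node_modules directories under root without entering PROTECTED paths.
function findNodeModules(root, home = os.homedir()) {
  const skip = PROTECTED.map((p) => path.join(home, p));
  const found = [];
  const stack = [path.resolve(root)];
  while (stack.length > 0) {
    const dir = stack.pop();
    let entries;
    try {
      entries = fs.readdirSync(dir, { withFileTypes: true });
    } catch {
      continue; // unreadable directory: skip it rather than abort the scan
    }
    for (const entry of entries) {
      // Dirent.isDirectory() is false for symlinks, so links are never followed.
      if (!entry.isDirectory()) continue;
      const full = path.join(dir, entry.name);
      if (skip.some((p) => isInside(p, full))) continue;
      if (entry.name === 'node_modules') found.push(full);
      else stack.push(full);
    }
  }
  return found;
}

// Guard to run before measuring a result: a path trimmed to a parent fails it.
function safeToMeasure(root, result) {
  const strictlyBelow = path.resolve(result) !== path.resolve(root);
  return path.basename(result) === 'node_modules' && strictlyBelow && isInside(root, result);
}
```

Calling `safeToMeasure(scanRoot, candidate)` on every result before any size calculation keeps the tool from reading directories outside the folder the user asked it to scan.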