You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
When using npm logout it leaves behind all the cached responses for the registry and tarballs. This can lead to confusion if then installing a private module after having logged out:
UX side; mild panic because unauthenticated users can install my private packages.
There's the possibility that a user might forget that they've logged out and continue installing packages which use the cache (therefore could actually be out of date, since it's using the cached registry call).
Finally a mild security issue because npm is leaving behind private data once logged out.
Ideally I'd expect the cache to be cleared of any private data as you log out. But a warning that private data may exist and the user may want to run npm cache clear on logout would also be an acceptable solution to me.
The text was updated successfully, but these errors were encountered:
We're closing this issue as it has gone seven days without activity and without being labeled. If we haven't even labeled in issue in seven days then we're unlikely to ever read it.
If you are still experiencing the issue that led to you opening this or this is a feature request you're still interested in then we encourage you to open a new issue. If this was a support issue, you may be better served by joining package.communty and asking your question there.
For more information about our new issue aging policies and why we've instituted them please see our blog post.
When using
npm logout
it leaves behind all the cached responses for the registry and tarballs. This can lead to confusion if then installing a private module after having logged out:Ideally I'd expect the cache to be cleared of any private data as you log out. But a warning that private data may exist and the user may want to run
npm cache clear
on logout would also be an acceptable solution to me.The text was updated successfully, but these errors were encountered: