Should content files be read-only?
rmg opened this issue · comments
Ryann Graham commented
A quick skim through my ~/.npm/_cacache
shows that the verified content files are all -rw-r--r--
.
It looks like the contents all get written to files in a temp space and then get "moved" to the content location. Should the final destination be made completely read-only (-r--r--r--
) since there's no reason to ever modify their contents? The ability to delete the files is based on the w
bit of the containing folder, so it shouldn't cause problems there.
Kat Marchán commented
@rmg that's not a bad idea :)
I would take a patch for this!