npm log file publicly accessible (npm-debug.log)
Description
npm is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. When npm is executed, all logs are written to a file named npm-debug.log in the current working directory.
It was confirmed that this npm log file is publicly accessible in this directory. This log file contains potentially sensitive information, and it is recommended to restrict access to this file.
Remediation
You should restrict access to the npm-debug.log file by adjusting your web server configuration. You can also run npm with the command line arguments --loglevel silent to prevent the log file from being created:

    npm install ToInstall --loglevel silent
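A deployment-time check that complements the web server restriction, given here as an added example that is not part of the original advisory: it fails when an npm debug log sits anywhere under the directory about to be published. The function names and the `npm-debug.log*` pattern, which also matches suffixed copies of the log, are assumptions.

```shell
#!/bin/sh
# Added example: refuse to publish a web root that contains npm debug logs.
# Assumptions: the caller passes the web root path; the pattern
# 'npm-debug.log*' is used so suffixed copies of the log are caught too.

# Print every npm debug log found under the given directory, one per line.
list_npm_debug_logs() {
    find "$1" -type f -name 'npm-debug.log*' 2>/dev/null
}

# Return 0 when the tree is clean, 1 when a log would be served,
# 2 when the argument is not a directory.
check_webroot() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "error: $root is not a directory" >&2
        return 2
    fi
    found=$(list_npm_debug_logs "$root")
    if [ -z "$found" ]; then
        echo "ok: no npm debug logs under $root"
        return 0
    fi
    echo "FAIL: npm debug logs inside the web root:" >&2
    echo "$found" | sed 's/^/  /' >&2
    return 1
}

# When called with a path, run the check and exit with its status.
if [ "$#" -gt 0 ]; then
    check_webroot "$1"
fi
```

Run it as a build or release step with the document root as its only argument; a non-zero exit status should stop the deployment.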