Insecure temporary directores #17
Description
The module uses temporary directories but creates them in an insecure way.
Besides general issues related to making of tmp files, the implementation in sync-exec/coffee/lib/create-pipes.coffee does not handle errors. The variable created is set to true even if the directory already exists and belong to another user. It seems that errors should be handled by callback, but it is inconsistent with synchronous usage of fs.mkdir.
Some node modules were suggested in response to the stackoverflow question "nodejs - Temporary file name [closed]"
More details related to the issue is given in "Creating temporary files securely"
This kind of vulnerabilities is discussed in general in CWE-377: Insecure Temporary File