From bfc150b18360edb40db37bbaa1276195cd9f86da Mon Sep 17 00:00:00 2001 From: Liang Gong Date: Wed, 29 Mar 2017 19:03:53 -0700 Subject: [PATCH] fix insecure install The [documentation](https://github.com/npm/npm-registry-couchapp/blob/master/www/attachments/install.html#L3) mentions a one line install ```curl http://npmjs.org/install.sh | sh```. It may be safer to download via the HTTPS protocol, since http enables a man-in-the-middle attack, and if it succeeds in this case, it becomes an arbitrary execution attack. --- www/attachments/install.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/attachments/install.html b/www/attachments/install.html index 75a38ea..b39cc13 100644 --- a/www/attachments/install.html +++ b/www/attachments/install.html @@ -1,6 +1,6 @@

One Line Install

-curl http://npmjs.org/install.sh | sh +curl https://npmjs.org/install.sh | sh

More Than One Line Install
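
Review bot: the added line `curl https://npmjs.org/install.sh | sh` under "One Line Install" still streams whatever the server returns straight into `sh`, so the scheme change protects the transport but an HTTP error page or a transfer cut off partway is still executed as far as it arrived. Suggest adding `-f` so curl exits non-zero without emitting an error body, e.g. `curl -f https://npmjs.org/install.sh | sh`, and documenting next to the command that the script can be saved and read before it is run. The hunk touches only this one occurrence; if the "More Than One Line Install" section below it also fetches over `http://`, it should be updated in the same patch.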