-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm: 使用root 用户执行npm lifecycle 命令时报错 #5
Comments
Liu233w
pushed a commit
to Liu233w/acm-statistics
that referenced
this issue
Apr 25, 2018
这样的话,使用 root 权限运行 postinstall 脚本就不会报错了(安全原因) see npm/npm#3497 SamHwang1990/blog#5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
npm lifecycle 命令在执行前,会判断配置
unsafe-perm
为true 时才继续,否则会提前退出。代码参考:
问题的分析参见:Npm install failed with “cannot run in wd”
配置的读取顺序大致参考:npm-config,即
cli -> env -> npmrc -> default
。default
中关于unsafe-perm
的初始化如下:针对unix 平台,使用root 用户执行npm 命令时得到的默认值都会是
false
。我的理解大致是避免以root 的身份去执行lifecycle 命令时可能造成的安全问题。
要避开该问题,只要覆盖
default
中的初始值即可,比如用cli
参数或者npm config set unsafe-perm=true
。如果站在项目角度避开该问题,可以采取的措施是在项目中创建
.npmrc
来覆盖default
的配置:但可能需要明确带来的风险。
The text was updated successfully, but these errors were encountered: