Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

[BUG] npm falsely reports hard-coded ENOENT as postinstall error when root #47

Open
coolaj86 opened this issue Apr 24, 2020 · 0 comments

Comments

@coolaj86
Copy link

coolaj86 commented Apr 24, 2020

What / Why

npm reports ENOENT on npm install postinstall errors when running as root
We all know that you shouldn't run npm is root on your local system.

What we don't all know is that apparently new versions of npm change the uid to 1001 and if you're running in a virtualized single-user environment, this causes postinstall scripts to break due to permission errors.

How

Apparently there's some uid fudging and whatnot inside of npm.

Steps to Reproduce

  1. Spin up a single-user (root-only) virtual server.
  2. Install node v12.16.2 (or earlier, but after v10.x for certain) via nodejs.org tarball
    • curl -sS https://webinstall.dev/node@v12 | bash
  3. install a package that runs a pre, install, and/or post script
npm install --save @root/acme 
> @root/acme@3.0.10 postinstall /root/srv/try-greenlock/node_modules/@root/acme
> node scripts/postinstall

sh: 1: node: Permission denied
npm WARN try-greenlock@1.0.0 No description
npm WARN try-greenlock@1.0.0 No repository field.

npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! @root/acme@3.0.10 postinstall: `node scripts/postinstall`
npm ERR! spawn ENOENT
npm ERR! 
npm ERR! Failed at the @root/acme@3.0.10 postinstall script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2020-04-24T23_10_59_381Z-debug.log

Expected Behavior

Either

  • return an error message sooner about being root and that not being allowed.
  • return the correct error message, not ENOENT
  • don't fudge the uids in the first place

References

https://github.com/npm/npm-lifecycle/blob/latest/lib/spawn.js#L45

If you console.log(options) when running as root you can clearly see that the uid is set to 1001.

You can also clearly see that ENOENT is hard-coded as a best-effort guess as to what the error is, masking the actual error which I believe is due to selecting a non-existing user.

@coolaj86 coolaj86 changed the title [BUG] npm reports ENOENT on postinstall errors when root [BUG] npm falsely reports hard-coded ENOENT on postinstall errors when root May 13, 2020
@coolaj86 coolaj86 changed the title [BUG] npm falsely reports hard-coded ENOENT on postinstall errors when root [BUG] npm falsely reports hard-coded ENOENT as postinstall error when root May 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant