Original question: http://stackoverflow.com/questions/28763958/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
NodeJS unsafe-perm not working on package.json
Asked by nanndoj
I'm trying to run an npm install command with a preinstall script in my package.json. I know it's an antipattern but I need to run some scripts as root.
It's working fine by adding a .npmrc file containing unsafe-perm = true to my root directory. But it's not working by adding a config property in my package.json file:
{
  "name": "foo",
  "version": "1.4.4",
  "config": {
    "unsafe-perm": true
  },
  "scripts": {
    "preinstall": "npm install -g bower"
  }
}
// It is not working
According to the NPM config docs, it's OK to add this property in my package file. I want to understand why it's not working.
Accepted answer by Sam Mikes
When you add that property, you are adding it to the environment of your script with the prefix npm_config_package:
$ cat package.json
{
"config": { "unsafe-perm": true }
}
$ npm run env | grep perm
$ npm run env | grep perm
npm_package_config_unsafe_perm=true
npm_config_unsafe_perm=true
$ sudo npm run env | grep perm
npm_package_config_unsafe_perm=true
npm_config_unsafe_perm=
$
This is for security reasons, sort of. It would not be good for an arbitrary package from the npm registry to allow you to change npm's config settings (e.g., what if it set prefix to /etc and installed a file named passwd)
However you can still get around it by setting the environment variable on your script line (this will not work on Windows):
$ cat package.json
{
"config": { "unsafe-perm": true },
"scripts": { "foo": "npm_config_unsafe_perm=true env" }
}
$ npm run foo | grep unsafe_perm
npm_config_unsafe_perm=true
npm_package_config_unsafe_perm=true
npm_lifecycle_script=npm_config_unsafe_perm=true env
npm_package_scripts_foo=npm_config_unsafe_perm=true env
$ sudo npm run foo | grep unsafe_perm
npm_config_unsafe_perm=true
npm_package_config_unsafe_perm=true
npm_lifecycle_script=npm_config_unsafe_perm=true env
npm_package_scripts_foo=npm_config_unsafe_perm=true env
$
This may be a bug in npm though, so I would recommend not relying on this behavior. Can you get away with using a different user than root?
Source: Tested with [email protected] on OSX. I am a support volunteer on the npm issue tracker, https://github.com/npm/npm/issues.
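Added example, not part of the original answers: a small Node.js audit that reviews a package.json for the two patterns discussed above, a "config" key named after an npm setting (which only reaches scripts as npm_package_config_*) and a script line that sets npm_config_* inline. The function names, the list of setting names (taken from this thread) and the sample object are assumptions made for the illustration.

```javascript
// Lifecycle hooks that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// npm setting names mentioned in this thread; extend for your own review.
const NPM_SETTINGS_OF_INTEREST = ['unsafe-perm', 'prefix'];

// package.json "config" keys reach scripts as npm_package_config_<key>.
// The transcript shows "-" becoming "_"; treating every other
// non-alphanumeric character the same way is an assumption made here.
function packageConfigEnvName(key) {
  return 'npm_package_config_' + key.replace(/[^a-zA-Z0-9_]/g, '_');
}

// Find inline `npm_config_<name>=<value>` assignments in one script line.
function inlineNpmConfigOverrides(script) {
  const re = /(?:^|[\s;&|(])(?:export\s+)?(npm_config_[a-z0-9_]+)=(\S*)/gi;
  return [...script.matchAll(re)].map((m) => ({ name: m[1], value: m[2] }));
}

function auditPackageJson(pkg) {
  const findings = [];
  for (const key of Object.keys(pkg.config || {})) {
    if (NPM_SETTINGS_OF_INTEREST.includes(key)) {
      // Visible to scripts only; npm's own setting is left unchanged.
      findings.push({ kind: 'package-config', key, env: packageConfigEnvName(key) });
    }
  }
  for (const [script, line] of Object.entries(pkg.scripts || {})) {
    for (const hit of inlineNpmConfigOverrides(String(line))) {
      findings.push({
        kind: 'npm-config-override',
        script,
        runsOnInstall: INSTALL_HOOKS.includes(script),
        ...hit,
      });
    }
  }
  return findings;
}

// Constructed sample combining the package.json files shown in the thread.
const samplePkg = {
  config: { 'unsafe-perm': true },
  scripts: {
    preinstall: 'npm install -g bower',
    foo: 'npm_config_unsafe_perm=true env',
  },
};
console.log(JSON.stringify(auditPackageJson(samplePkg), null, 2));
```

A finding with runsOnInstall set to true deserves the closest review, because that script line runs without the user invoking it by name.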
Answer by HDK
unsafe-perm
Default: false if running as root, true otherwise
Type: Boolean
Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false, then installing as a non-root user will fail.