Menu
I'm trying to run a npm install command with a preinstall script at my package.json. I know it's antipattern but I need to run some scripts as root.
It's working fine by adding a .npmrc file containing unsafe-perm = true to my root directory. But it's not working by add a config property in my package.json file:
{
"name": "foo",
"version": "1.4.4",
"config": {
"unsafe-perm":true
},
"scripts" : {
"preinstall" : "npm install -g bower"
}
}
// It is not working
According with NPM config docs it's ok adding this property in my package file. I want to understand why it's not working.
701
If set explicitly to false, then installing as a non-root user will fail. If npm was invoked with root privileges, then it will change the uid to the user account or uid specified by the user config, which defaults to nobody. Set the unsafe-perm flag to run scripts with root privileges.
Dev Dependencies: In package. json file, there is an object called as dev Dependencies and it consists of all the packages that are used in the project in its development phase and not in the production or testing environment with its version number.
Every Node JS application or module or package should contain this package. json file. Every NODE JS project should have this file in the root directory to describe its metadata in plain json object format.
The central build script package can provide a set of shared partial package. json files. The monorepo packages can then declare that they inherit from those package.
When you add that property, you are adding it to the environment of your script with the prefix npm_config_package:
$ cat package.json
{
"config": { "unsafe-perm": true }
}
$ npm run env | grep perm
$ npm run env | grep perm
npm_package_config_unsafe_perm=true
npm_config_unsafe_perm=true
$ sudo npm run env | grep perm
npm_package_config_unsafe_perm=true
npm_config_unsafe_perm=
$
This is for security reasons, sort of. It would not be good for an arbitrary package from the npm registry to allow you to change npm's config settings (e.g., what if it set prefix to /etc and installed a file named passwd)
However you can still get around it by setting the environment variable in on your script line (this will not work on Windows):
$ cat package.json
{
"config": { "unsafe-perm": true },
"scripts": { "foo": "npm_config_unsafe_perm=true env" }
}
$ npm run foo | grep unsafe_perm
npm_config_unsafe_perm=true
npm_package_config_unsafe_perm=true
npm_lifecycle_script=npm_config_unsafe_perm=true env
npm_package_scripts_foo=npm_config_unsafe_perm=true env
$ sudo npm run foo | grep unsafe_perm
npm_config_unsafe_perm=true
npm_package_config_unsafe_perm=true
npm_lifecycle_script=npm_config_unsafe_perm=true env
npm_package_scripts_foo=npm_config_unsafe_perm=true env
$
This may be a bug in npm though, so I would recommend not relying on this behavior. Can you get away with using a different user than root?
Source: Tested with [email protected] on OSX. I am a support volunteer on the npm issue tracker, https://github.com/npm/npm/issues.
117
unsafe-perm
Default: false if running as root, true otherwise Type: Boolean Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false, then installing as a non-root user will fail.
see the https://docs.npmjs.com/misc/config#unsafe-perm
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
