npm sudo 全局安装 &不安全烫发 [英] npm sudo global installation & unsafe-perm

问题描述

我正在尝试安装一个 npm 模块:

sudo npm install -g now

但是，当我尝试这样做时，我收到警告:

<块引用>

警告！请尝试使用 --unsafe-perm 选项再次安装 Now CLI.
示例:npm i -g --unsafe-perm now

这个不安全权限让我很担心，我想说明一下我是需要按照它来修复警告，还是可以忽略它?

https://docs.npmjs.com/misc/config#unsafe 的解释-perm 对我来说并没有多大意义.这个 于 2016 年 3 月 30 日从 sam-github 评论 解释了很多更清楚地了解其含义.

然而，即使看了两遍，我仍然不清楚--unsafe-perm 是做什么的，有什么含义.所以，

<块引用>

• 默认值:如果以 root 身份运行则为 false
• 设置为 true 以在运行包脚本时禁止 UID/GID 切换.

以上两个running"是在说相同的事情还是不同的事情?如果是一样的东西，那么是安装时间还是运行时间?

我想要的是能够

• 安装
• 并让我系统中的任何人都可以使用它，安全风险最小

那我该怎么办?

解决方案

正如你从 不安全烫

• 默认值:如果以 root 身份运行，则为 false，否则为 true
• 类型:布尔值

设置为 true 以在运行包脚本时禁止 UID/GID 切换.如果明确设置为 false，则以非 root 用户身份安装将失败.

回答您的第一个问题:

<块引用>

我想要的只是能够安装它，请按照以下步骤操作.

如果你打算使用 sudo 来安装 now，你需要指定 --unsafe-perm 选项来运行 npm 作为 root 帐户.您也可以直接从终端运行

sudo npm install --unsafe-perm=true -g now

回答您的下一个问题:

<块引用>

我想要的只是让我系统中的任何人都能够使用它，而安全风险最小

我会建议你在 root 心情下运行你的 now 安装，这样任何用户都可以使用它，并且没有 root 权限就没有权限以任何方式卸载它.所以也许你应该忽略常规做法

I am trying to install a npm module with:

sudo npm install -g now

However, when I try that, I get a warning:

Warning! Please try installing Now CLI again with the --unsafe-perm option.
Example: npm i -g --unsafe-perm now

This unsafe permission worries me, and I want to make it clear whether I need to follow it to fix the warning, or I can ignore it?

The explanation at https://docs.npmjs.com/misc/config#unsafe-perm doesn't really tell much, for me. This commented from sam-github on Mar 30, 2016 explains much more clearly about the implication.

However, even after reading the two several times, I'm still unclear what --unsafe-perm is doing, and what's the implication. So,

• Default: false if running as root
• Set to true to suppress the UID/GID switching when running package scripts.

Is the above two "running" telling about the same thing or different things? If it the same thing, then is it the install time or run time?

All I want is to be able to

• install it
• and let anyone in my system able to use it, with the least security risk

so what should I do?

解决方案

As you rightly read from unsafe-perm

• Default: false if running as root, true otherwise
• Type: Boolean

Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false, then installing as a non-root user will fail.

To answer your first question:

All I want is to be able to install it, follow the steps below.

If you’re going to use sudo to install now, you need to specify the --unsafe-perm option to run npm as the root account. And you can as well do that directly from your terminal by running

sudo npm install --unsafe-perm=true -g now

To answer your next question:

All I want is to be able to let anyone in my system able to use it, with the least security risk

I will advice you run your installation of now on root mood so that any user can use it and won't have the permission of uninstalling it by any means without the root permission. So maybe you should disregard the regular practice

这篇关于npm sudo 全局安装 &amp;不安全烫发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！