npm sudo 全局安装 &不安全烫发 [英] npm sudo global installation & unsafe-perm
问题描述
我正在尝试安装一个 npm 模块:
sudo npm install -g now
但是,当我尝试这样做时,我收到警告:
<块引用>警告!请尝试使用 --unsafe-perm
选项再次安装 Now CLI.
示例:npm i -g --unsafe-perm now
这个不安全权限让我很担心,我想说明一下我是需要按照它来修复警告,还是可以忽略它?
https://docs.npmjs.com/misc/config#unsafe 的解释-perm 对我来说并没有多大意义.这个 于 2016 年 3 月 30 日从 sam-github 评论 解释了很多更清楚地了解其含义.
然而,即使看了两遍,我仍然不清楚--unsafe-perm
是做什么的,有什么含义.所以,
- 默认值:如果以 root 身份运行则为 false
- 设置为 true 以在运行包脚本时禁止 UID/GID 切换.
以上两个running"是在说相同的事情还是不同的事情?如果是一样的东西,那么是安装时间还是运行时间?
我想要的是能够
- 安装
- 并让我系统中的任何人都可以使用它,安全风险最小
那我该怎么办?
正如你从 不安全烫
- 默认值:如果以 root 身份运行,则为 false,否则为 true
- 类型:布尔值
设置为 true 以在运行包脚本时禁止 UID/GID 切换.如果明确设置为 false
,则以非 root 用户身份安装将失败.
回答您的第一个问题:
<块引用>我想要的只是能够安装它,请按照以下步骤操作.
如果你打算使用 sudo
来安装 now
,你需要指定 --unsafe-perm
选项来运行 npm
作为 root 帐户.您也可以直接从终端运行
sudo npm install --unsafe-perm=true -g now
回答您的下一个问题:
<块引用>我想要的只是让我系统中的任何人都能够使用它,而安全风险最小
我会建议你在 root 心情下运行你的 now
安装,这样任何用户都可以使用它,并且没有 root 权限就没有权限以任何方式卸载它.所以也许你应该忽略常规做法
I am trying to install a npm module with:
sudo npm install -g now
However, when I try that, I get a warning:
Warning! Please try installing Now CLI again with the
--unsafe-perm
option.
Example:npm i -g --unsafe-perm now
This unsafe permission worries me, and I want to make it clear whether I need to follow it to fix the warning, or I can ignore it?
The explanation at https://docs.npmjs.com/misc/config#unsafe-perm doesn't really tell much, for me. This commented from sam-github on Mar 30, 2016 explains much more clearly about the implication.
However, even after reading the two several times, I'm still unclear what --unsafe-perm
is doing, and what's the implication. So,
- Default: false if running as root
- Set to true to suppress the UID/GID switching when running package scripts.
Is the above two "running" telling about the same thing or different things? If it the same thing, then is it the install time or run time?
All I want is to be able to
- install it
- and let anyone in my system able to use it, with the least security risk
so what should I do?
As you rightly read from unsafe-perm
- Default: false if running as root, true otherwise
- Type: Boolean
Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false
, then installing as a non-root user will fail.
To answer your first question:
All I want is to be able to install it, follow the steps below.
If you’re going to use sudo
to install now
, you need to specify the --unsafe-perm
option to run npm
as the root account. And you can as well do that directly from your terminal by running
sudo npm install --unsafe-perm=true -g now
To answer your next question:
All I want is to be able to let anyone in my system able to use it, with the least security risk
I will advice you run your installation of now
on root mood so that any user can use it and won't have the permission of uninstalling it by any means without the root permission. So maybe you should disregard the regular practice
这篇关于npm sudo 全局安装 &不安全烫发的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!