NodeJS unsafe-perm无法在package.json上运行 [英] NodeJS unsafe-perm not working on package.json

问题描述

我正在尝试使用我的 package.json 中的预安装脚本运行 npm install 命令。我知道它是反模式但我需要以root身份运行一些脚本。

I'm trying to run a npm install command with a preinstall script at my package.json. I know it's antipattern but I need to run some scripts as root.

通过添加 .npmrc 它正常工作包含 unsafe-perm = true 的文件到我的根目录。但它不能在我的 package.json 文件中添加一个配置属性：

It's working fine by adding a .npmrc file containing unsafe-perm = true to my root directory. But it's not working by add a config property in my package.json file:

   {
     "name": "foo",
     "version": "1.4.4",
     "config": {
        "unsafe-perm":true
     },
     "scripts" :  { 
        "preinstall" : "npm install -g bower"
     }
   }
   // It is not working

根据 NPM配置文档可以在我的包文件中添加此属性。我想明白为什么它不起作用。

According with NPM config docs it's ok adding this property in my package file. I want to understand why it's not working.

推荐答案

添加该属性时，您将其添加到脚本环境中，前缀为 npm_config_package ：

When you add that property, you are adding it to the environment of your script with the prefix npm_config_package:

$ cat package.json
{
 "config": { "unsafe-perm": true }
}
$ npm run env | grep perm
$ npm run env | grep perm
npm_package_config_unsafe_perm=true
npm_config_unsafe_perm=true
$ sudo npm run env | grep perm
npm_package_config_unsafe_perm=true
npm_config_unsafe_perm=
$

this出于安全考虑，有点儿。对于来自 npm 注册表的任意包，允许您更改 npm 的配置设置（例如，如果它将前缀设置为 / etc 并安装了一个名为 passwd 的文件

This is for security reasons, sort of. It would not be good for an arbitrary package from the npm registry to allow you to change npm's config settings (e.g., what if it set prefix to /etc and installed a file named passwd)

但是你仍然可以通过在脚本行中设置环境变量来解决它（这在Windows上不起作用）：

However you can still get around it by setting the environment variable in on your script line (this will not work on Windows):

$ cat package.json 
{
  "config": { "unsafe-perm": true },
  "scripts": { "foo": "npm_config_unsafe_perm=true env" }
 }
$ npm run foo | grep unsafe_perm
npm_config_unsafe_perm=true
npm_package_config_unsafe_perm=true
npm_lifecycle_script=npm_config_unsafe_perm=true env
npm_package_scripts_foo=npm_config_unsafe_perm=true env
$ sudo npm run foo | grep unsafe_perm
npm_config_unsafe_perm=true
npm_package_config_unsafe_perm=true
npm_lifecycle_script=npm_config_unsafe_perm=true env
npm_package_scripts_foo=npm_config_unsafe_perm=true env
$ 

这可能是 npm 中的错误，所以我建议不要依赖于此行为。您能否使用与 root 不同的用户？

This may be a bug in npm though, so I would recommend not relying on this behavior. Can you get away with using a different user than root?

来源：使用进行测试OSX上的npm@2.6.1 。我是 npm 问题跟踪器的支持志愿者， https ：//github.com/npm/npm/issues 。

Source: Tested with npm@2.6.1 on OSX. I am a support volunteer on the npm issue tracker, https://github.com/npm/npm/issues.

这篇关于NodeJS unsafe-perm无法在package.json上运行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！