nodejs环境下如何配置module.paths的内容 [英] How to configure the content of module.paths in a nodejs environment

问题描述

在我的 debian 10 系统上，我以用户joerg"的身份执行以下操作:

On my debian 10 system I do the follwing as user "joerg":

joerg@h2257088:~/temporary/play$ export NODE_PATH=myOwnNodePath
joerg@h2257088:~/temporary/play$ node
Welcome to Node.js v12.20.0.
Type ".help" for more information.
> module.paths
[
  '/home/joerg/temporary/play/repl/node_modules',
  '/home/joerg/temporary/play/node_modules',
  '/home/joerg/temporary/node_modules',
  '/home/joerg/node_modules',
  '/home/node_modules',
  '/node_modules',
  '/usr/lib/node'
]
>

与用户root"执行相同的操作给出:

Doing the same as user "root" gives:

root@h2257088:/home/joerg/temporary/play# export NODE_PATH=myOwnNodePath
root@h2257088:/home/joerg/temporary/play# node
Welcome to Node.js v12.20.0.
Type ".help" for more information.
> module.paths
[
  '/home/joerg/temporary/play/repl/node_modules',
  '/home/joerg/temporary/play/node_modules',
  '/home/joerg/temporary/node_modules',
  '/home/joerg/node_modules',
  '/home/node_modules',
  '/node_modules',
  'myOwnNodePath',
  '/root/.node_modules',
  '/root/.node_libraries',
  '/usr/lib/node'
]
>

这里我有三个额外的条目(顺便说一下，我想要(将/root"明显更改为/home/joerg")):

Here I have three additional entries (which, by the way I want to have (with the obvious change of "/root" to "/home/joerg")):

'myOwnNodePath',
'/root/.node_modules',
'/root/.node_libraries',

nodejs环境中module.paths的内容定义是什么?我该怎么做才能获取丢失的条目?

What is defining the content of module.paths in a nodejs environment? What can I do, to get the missing entries?

这个问题与(未回答的)问题有关:NODE_PATH 对 module.paths 或查找模块没有影响.

This question is related to (the not answered) question: NODE_PATH has no effect on module.paths or finding modules.

之后

apt-get purge   -y nodejs
apt-get install -y nodejs

它有效.也就是说:对于 root 用户和 joerg 用户都相同，以前的行为只出现在 root 用户中，因此，正如我想要的那样.这解决了我的主要问题，但没有回答问题.

it works. That is: Identical for both users root and joerg, with the behaviour formerly appearing for root only and hence, as I want to have it. This solves my principal problem, but does not answer the question.

推荐答案

这实际上不是配置问题.相反，将条目放入 module.paths 数组中有一些动态.在 Unix 上(而不是在 Windows 上)，如果应该安全地处理节点二进制文件，则源自不安全环境变量的某些条目不会包含在 module.paths 数组中.

This is actually not a configuration issue. Instead there is some dynamics in putting entries into the module.paths array. On Unix (not on Windows), if the node binary should be treated securely, certain entries stemming from unsecure environment variables are not included in the module.paths array.

更准确地说，如果节点二进制文件具有 set-user-ID 或 set-group-ID 或具有功能，则来自环境变量 HOME 和 NODE_PATH 的条目将不会包含在 module.paths 数组中，这正是问题中提到的三个条目所缺失的.

More precisely, if the node binary has set-user-ID or set-group-ID or has capabilities, the entries stemming from the environment variables HOME and NODE_PATH will not be included in the module.paths array, which are exactly the three entries mentioned as missing by the question.

为了解决我的问题，我将复制节点二进制文件，以便我有两个:node 表示正常"；执行(运行 javascript 脚本)和 nodeServer，它将获得作为 http 服务器执行的能力(使用低端口号).

To solve my problem I will copy the node binary so that I have two: node for "normal" execution (running javascript scripts) and nodeServer, which will get the capabilities (to use low port numbers), for execution as an http-server.

更准确地说，如果辅助向量的 AT_SECURE 条目具有非零值(请参阅 man getauxval)，三个条目

Even more precisely, if the AT_SECURE entry of the auxiliary vector has a non-zero value (see man getauxval), the three entries

$NODE_MODULES
$HOME/.node_modules
$HOME/.node_libraries

不包括在内.引用 man getauxval:

最常见的是，AT_SECURE 的非零值表示进程正在执行 set-user-ID 或 set-group-ID 二进制文件(因此其实际和有效的 UID 或 GID 彼此不同)，或者它获得了通过执行具有功能的二进制文件来实现功能.或者，非零值可能由 Linux 安全模块触发.

Most commonly, a nonzero value of AT_SECURE indicates that the process is executing a set-user-ID or set-group-ID binary (so that its real and effective UIDs or GIDs differ from one another), or that it gained capabilities by executing a binary file that has capabilities. Alternatively, a nonzero value may be triggered by a Linux Security Module.

重新安装节点后，功能不再设置，这解释了问题编辑中的观察结果.重做

After reinstalling node the capabilities are not longer set, which explains the observation in the EDIT of the question. Re-doing the

setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/node

将重新引入不需要的行为.

will re-introduce the unwanted behaviour.

证据来自节点的来源(版本 12，因为这是我使用的):

Evidence comes out of the source for node (version 12 because this is what I use):

在lib/internal/modules/cjs/loader.js中:

Module._initPaths = function() {
  const homeDir = isWindows ? process.env.USERPROFILE : safeGetenv('HOME');
  const nodePath = isWindows ? process.env.NODE_PATH : safeGetenv('NODE_PATH');
  ...

在 src/node_credentials.cc 中:

bool SafeGetenv(const char* key, std::string* text, Environment* env) {
#if !defined(__CloudABI__) && !defined(_WIN32)
  if (per_process::linux_at_secure || getuid() != geteuid() ||
      getgid() != getegid())
    goto fail;
#endif
...

在src/node_main.cc中:

#if defined(__linux__)
  char** envp = environ;
  while (*envp++ != nullptr) {}
  Elf_auxv_t* auxv = reinterpret_cast<Elf_auxv_t*>(envp);
  for (; auxv->a_type != AT_NULL; auxv++) {
    if (auxv->a_type == AT_SECURE) {
      node::per_process::linux_at_secure = auxv->a_un.a_val;
      break;
    }
  }
#endif

这篇关于nodejs环境下如何配置module.paths的内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！