Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm: 使用root 用户执行npm lifecycle 命令时报错 #5

SamHwang1990 opened this issue Jan 12, 2017 · 0 comments


None yet
1 participant
Copy link

commented Jan 12, 2017

npm lifecycle 命令在执行前,会判断配置unsafe-perm为true 时才继续,否则会提前退出。


    // lib/utils/lifecycle.js
    unsafe = unsafe || npm.config.get('unsafe-perm')

    if ((wd.indexOf(npm.dir) !== 0 || _incorrectWorkingDirectory(wd, pkg)) &&
        !unsafe && pkg.scripts[stage]) {
      log.warn('lifecycle', logid(pkg, stage), 'cannot run in wd',
        '%s %s (wd=%s)', pkg._id, pkg.scripts[stage], wd
      return cb()

问题的分析参见:Npm install failed with “cannot run in wd”

配置的读取顺序大致参考:npm-config,即cli -> env -> npmrc -> default


    // lib/config/defaults.js
    'unsafe-perm': process.platform === 'win32' ||
                     process.platform === 'cygwin' ||
                     !(process.getuid && process.setuid &&
                       process.getgid && process.setgid) ||
                     process.getuid() !== 0

针对unix 平台,使用root 用户执行npm 命令时得到的默认值都会是false

我的理解大致是避免以root 的身份去执行lifecycle 命令时可能造成的安全问题。

要避开该问题,只要覆盖default中的初始值即可,比如用cli参数或者npm config set unsafe-perm=true


// .npmrc
unsafe-perm = true


Liu233w added a commit to Liu233w/acm-statistics that referenced this issue Apr 25, 2018

chore(tools): 使用部署脚本安装的时候启动 --unsafe-perm 模式
这样的话,使用 root 权限运行 postinstall 脚本就不会报错了(安全原因)

see npm/npm#3497
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.