New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm package / file ownership issues #5
Comments
I think this might be affecting MegaLinter too oxsecurity/megalinter#2348 |
Hi! Sorry this is causing problems. I made it 9 years ago and have no idea how it would break things. Before doing an NPM release do I need to update anything? I don't really understand the problem it would be causing. |
I was thinking that maybe having a build in a clean environnement, that the files packages wouldn't have weird user ids included in the tarball. I tried to setup some CI in a fork to test things out, but I can't get it to build. What were the steps that you run to build/package the project? |
I believe just this gulp build step: https://github.com/kyldvs/ast-types-flow/blob/master/gulpfile.js#L6 but this was from 2015, so I'm not sure if it will actually run without changes. I don't think running the |
File owners/permissions aren't stored by Git, there is only the executable bit that is kept if I recall correctly. So there isn't any PR to make, probably just repackage. |
Running into the same problem. If you do
Notice the high UID and GID? Those are the problem. I think a re-package in a clean environment and re-publish should fix the problem. Happy to assist if needed. |
Happy to publish a new version to npm. Can someone help by submitting a PR so that the appropriate scripts package things for me to publish cleanly? For example right now Alternatively if that's unnecessary, tell me exactly the commands to run to publish from the latest commit and that would be helpful, I have not worked in this space in quite a while :) |
I did a quick thing with Docker (I was in Dockerland anyway):
This worked successful and you can find the resulting So what's left for you to do is this:
Hope this helps. If not, feel free to reach out. Happy to help. |
@rmehner thanks a bunch for the clear steps. I think I've got a new release out, please let me know if this resolves the issues: https://www.npmjs.com/package/ast-types-flow/v/0.0.8 |
Getting the package with
Looks good! Thanks @kyldvs! |
…blems Version 0.0.7 had a problem with a very high user id, which lead to problems when used in Docker with user namespacing. For some details check: kyldvs/ast-types-flow#5
First of all, thank you very much for this package! Knowing that it has not been updated since 2019, I'd kindly like to ask if it would nevertheless be possible to release a new npm package because of file ownership issues that currently affect the functionality of the latest versions of https://github.com/github/super-linter in certain scenarios via its
eslint-plugin-jsx-a11y
dependency.The specific issue in question is github/super-linter#3785 and this comment outlines the details. In short, the files within the npm package have very high user/group IDs which will not make it possible to use affected images for rootless podman/docker containers with default configurations.
The text was updated successfully, but these errors were encountered: