Skip to content
Browse files

Add a stronger warning around installing with sudo

  • Loading branch information...
1 parent 1ad8b45 commit 5348397801d13589fe280e89850f17db7391814a @isaacs isaacs committed Oct 5, 2010
Showing with 41 additions and 1 deletion.
  1. +41 −1 lib/install.js
View
42 lib/install.js
@@ -38,8 +38,13 @@ var registry = require("./utils/registry")
, fs = require("./utils/graceful-fs")
, cache = require("./cache")
, asyncMap = require("./utils/async-map")
+ , prompt = require("./utils/prompt")
-function install (pkglist, cb) {
+function install (pkglist, cb) { sudont(pkglist, function (er) {
+ if (er) {
+ log.warn("wisely aborted", "sudo")
+ return cb()
+ }
if (pkglist.length === 0) pkglist = ["."]
// it's helpful to know what we have already
if (!installedPackages) return readInstalled([], function (er, data) {
@@ -73,6 +78,41 @@ function install (pkglist, cb) {
if (er) return cb(er)
buildAll(reg, cb)
})
+})}
+
+var wasWarned = false
+function sudont (pkglist, cb) {
+ if (wasWarned || process.getuid() !== 0) return cb()
+ var unsafe = pkglist.filter(function (p) {
+ return p.split('@')[0] !== "npm"
+ })
+ // make an exception for npm itself, which may be sudo installed.
+ if (!unsafe.length) return cb()
+ wasWarned = true
+ prompt
+ ( [""
+ ,"You are about to install the following packages as root,"
+ ,"along with any dependencies:"
+ ,""
+ ," "+pkglist.join("\n ")
+ ,""
+ ,"Are you very sure that you want to do this?"
+ ,"Note that you are installing for ALL users, and that"
+ ,"this may lead to annoying errors as well as danger."
+ ,""
+ ,"If you want to use npm without using sudo, then run"
+ ,""
+ ," sudo npm multiuser"
+ ,""
+ ,"to configure it for multiuser use."
+ ,""
+ ,"Type 'PWN ME PLZ' to continue> "
+ ].join("\n")
+ , function (er, sure) {
+ if (sure !== 'PWN ME PLZ') return cb("wisely aborted")
+ else return cb()
+ }
+ )
}
// call the cb with the "next" thing(s) to look up for this one, or nothing

0 comments on commit 5348397

Please sign in to comment.
Something went wrong with that request. Please try again.