Add a stronger warning around installing with sudo

mmalecki · Oct 19, 2010 · 5348397 · 5348397
1 parent 1ad8b45
commit 5348397
Showing 1 changed file with 41 additions and 1 deletion.
diff --git a/lib/install.js b/lib/install.js
@@ -38,8 +38,13 @@ var registry = require("./utils/registry")
   , fs = require("./utils/graceful-fs")
   , cache = require("./cache")
   , asyncMap = require("./utils/async-map")
+  , prompt = require("./utils/prompt")
 
-function install (pkglist, cb) {
+function install (pkglist, cb) { sudont(pkglist, function (er) {
+  if (er) {
+    log.warn("wisely aborted", "sudo")
+    return cb()
+  }
   if (pkglist.length === 0) pkglist = ["."]
   // it's helpful to know what we have already
   if (!installedPackages) return readInstalled([], function (er, data) {
@@ -73,6 +78,41 @@ function install (pkglist, cb) {
     if (er) return cb(er)
     buildAll(reg, cb)
   })
+})}
+
+var wasWarned = false
+function sudont (pkglist, cb) {
+  if (wasWarned || process.getuid() !== 0) return cb()
+  var unsafe = pkglist.filter(function (p) {
+    return p.split('@')[0] !== "npm"
+  })
+  // make an exception for npm itself, which may be sudo installed.
+  if (!unsafe.length) return cb()
+  wasWarned = true
+  prompt
+    ( [""
+      ,"You are about to install the following packages as root,"
+      ,"along with any dependencies:"
+      ,""
+      ,"    "+pkglist.join("\n    ")
+      ,""
+      ,"Are you very sure that you want to do this?"
+      ,"Note that you are installing for ALL users, and that"
+      ,"this may lead to annoying errors as well as danger."
+      ,""
+      ,"If you want to use npm without using sudo, then run"
+      ,""
+      ,"    sudo npm multiuser"
+      ,""
+      ,"to configure it for multiuser use."
+      ,""
+      ,"Type 'PWN ME PLZ' to continue> "
+      ].join("\n")
+    , function (er, sure) {
+        if (sure !== 'PWN ME PLZ') return cb("wisely aborted")
+        else return cb()
+      }
+    )
 }
 
 // call the cb with the "next" thing(s) to look up for this one, or nothing