Insecure world writable dir ... in PATH, mode 040777 #338

Closed
basickarl opened this issue Oct 15, 2021 · 6 comments
Labels
bug Indicates an unexpected problem or unintended behavior

Comments

@basickarl

basickarl commented Oct 15, 2021

Software versions

Mac OSX 10.15.7
"@pact-foundation/pact": "^9.16.4",
"@pact-foundation/pact-node": "^10.13.9",
Node v12.22.0

Expected behaviour

No errors.

Actual behaviour

Errors.

Steps to reproduce

The error appears in the following code block; we use Jest as the base test framework.

    beforeAll(async function before() {
      console.info('beforeAll');
      // Start mock server
      await provider.setup();
      // Add interactions to the Mock Server, as many as required
      await provider.addInteraction({
        // The 'state' field specifies a "Provider State"
        state: '1 free database',
        uponReceiving: 'request for usage from the provider',
        willRespondWith: {
          // From the provider
          body: USAGE_EXPECTED_BODY,
          headers: { 'Content-Type': 'application/json' },
          status: 200,
        },
        withRequest: {
          // From me, the consumer
          headers: {
            Accept: 'application/json',
            Authorization: `Bearer ${JWT}`,
          },
          method: 'GET',
          path: '/usage',
        },
      });
    });

    it('should receive response with usage object', async function test() {
      console.info('Test');
      // ... (the rest of the test body was not included in the report)
    });

Relevant log files

  console.info
    beforeAll

      at test/contract/consumer-test.js:50:15

[2021-10-15 09:25:07.004 +0000] ERROR (53878 on Karls-MacBook-Pro.local): pact-node@10.13.9: Pact Binary Error: /Users/karl/Development/app/components/console-frontend/webapp/node_modules/@pact-foundation/pact-node/standalone/darwin-1.88.77/pact/lib/ruby/lib/ruby/gems/2.2.0/gems/bundler-1.9.9/lib/bundler/shared_helpers.rb:78: warning: Insecure world writable dir /Users/karl/Development/app/components/console-frontend/webapp in PATH, mode 040777

[2021-10-15 09:25:12.758 +0000] INFO (53878 on Karls-MacBook-Pro.local): pact@9.16.4: Setting up Pact with Consumer "console-frontend" and Provider "console-api"
    using mock service on Port: "8081"
  console.info
    Test

This line specifically from the error above: [2021-10-15 09:25:07.004 +0000] ERROR (53878 on Karls-MacBook-Pro.local): pact-node@10.13.9: Pact Binary Error: /Users/karl/Development/app/components/console-frontend/webapp/node_modules/@pact-foundation/pact-node/standalone/darwin-1.88.77/pact/lib/ruby/lib/ruby/gems/2.2.0/gems/bundler-1.9.9/lib/bundler/shared_helpers.rb:78: warning: Insecure world writable dir /Users/karl/Development/app/components/console-frontend/webapp in PATH, mode 040777

We don't know where it's from or why it appears?

Also some more logs related to publishing:

[2021-10-15 09:33:55.232 +0000] INFO (54708 on Karls-MacBook-Pro.local): pact-node@10.13.9: Publishing Pacts to Broker
[2021-10-15 09:33:55.233 +0000] INFO (54708 on Karls-MacBook-Pro.local): pact-node@10.13.9: Publishing pacts to broker at: https://neo4j.pactflow.io/
[2021-10-15 09:33:55.246 +0000] INFO (54708 on Karls-MacBook-Pro.local): pact@9.16.4: Pact File Written
[2021-10-15 09:33:55.246 +0000] INFO (54708 on Karls-MacBook-Pro.local): pact-node@10.13.9: Removing Pact process with PID: 55770
[2021-10-15 09:33:55.248 +0000] INFO (54708 on Karls-MacBook-Pro.local): pact-node@10.13.9: Deleting Pact Server with options: 
{"consumer":"console-frontend","cors":false,"dir":"/Users/karl/Development/app/components/console-frontend/webapp/pacts","host":"127.0.0.1","log":"/Users/karl/Development/app/components/console-frontend/webapp/logs/pact.log","pactFileWriteMode":"overwrite","port":8081,"provider":"console-api","spec":2,"ssl":false,"timeout":30000}
[2021-10-15 09:33:59.402 +0000] ERROR (54708 on Karls-MacBook-Pro.local): pact-node@10.13.9: Could not publish pact:
/Users/karl/Development/app/components/console-frontend/webapp/node_modules/@pact-foundation/pact-node/standalone/darwin-1.88.77/pact/lib/ruby/lib/ruby/gems/2.2.0/gems/bundler-1.9.9/lib/bundler/shared_helpers.rb:78: warning: Insecure world writable dir /Users/karl/Development/neo4j/app/components/console-frontend/webapp in PATH, mode 040777
@basickarl basickarl added the bug Indicates an unexpected problem or unintended behavior label Oct 15, 2021
@mefellows
Member

Thanks for raising. It's actually a problem with GitHub runners' 777 default permissions. I'll link to an issue on the pact JS repo when back at my desk for a remedy.

@basickarl
Author

basickarl commented Oct 15, 2021

@mefellows Ah, I see! However, I am getting this on my local dev laptop also, so you know ^^.

@mefellows
Member

See also pact-foundation/pact-js#758. It does look like an issue with the latest standalone and the assumption made by pact-js-core.

But also 777 - dude!

@TimothyJones
Contributor

TimothyJones commented Oct 16, 2021

The insecure world writeable dir warning is not the cause of the failure to publish (even though it looks like it is). To fix the warning you'll need to correct the permissions locally - it's warning about a real potential problem, and we don't control the warning. However, this won't correct the failure when it was successful.

For now:

  1. You can work around it forever by using the CLI instead (this is actually the recommended best practice - see the examples and the other issue for some discussion)
  2. We'll release a version that doesn't have this bug asap.
  3. If there's some reason you must use the API instead of the CLI, you can work around it by catching the error (clearly this is not ideal)
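The permission fix mentioned in the comment above, as an added example that is not part of the original thread or the Pact project's code: a POSIX shell audit that lists `PATH` entries sitting in or under a directory that is world-writable without the sticky bit. In the reported mode `040777`, `040000` is the directory file-type bit and `0777` the permission bits. Walking up the parent directories and all function names are choices of this example.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from pact-node or Ruby).

# Print the directory if it is world-writable (o+w) and not sticky (+t).
world_writable_dir() {
  find "$1" -maxdepth 0 -type d -perm -0002 ! -perm -1000 2>/dev/null || true
}

# Walk from a PATH entry up towards / and print the first insecure directory.
first_insecure_ancestor() {
  dir=$1
  while [ -n "$dir" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
    hit=$(world_writable_dir "$dir")
    if [ -n "$hit" ]; then
      printf '%s\n' "$hit"
      return 0
    fi
    dir=$(dirname "$dir")
  done
  return 1
}

# Audit a colon-separated PATH string.
# Prints "entry -> insecure directory" for every entry that has one.
audit_path() {
  old_ifs=$IFS
  IFS=:
  set -f                      # no globbing while splitting on ':'
  for entry in $1; do
    [ -n "$entry" ] || continue
    if bad=$(first_insecure_ancestor "$entry"); then
      printf '%s -> %s\n' "$entry" "$bad"
    fi
  done
  set +f
  IFS=$old_ifs
}

# Report on the current PATH; fix each reported directory with: chmod o-w <dir>
audit_path "$PATH"
```

Run it from the same shell that starts the tests, since the test runner may add project directories to `PATH`.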

@TimothyJones
Contributor

The latest version of pact-node (v10.13.10) should not have this problem (and if it does fail, it'll give you better output).

@basickarl
Author

@TimothyJones You are indeed correct regarding that it still works, it just happens to throw an error. We want to run this in our CI, so for now we have put a try/catch around the area; however, this ain't good if it throws another type of error.

Ok I'll have a look at the new version^^
