Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] lifecycle hooks do not work with unsafe-perm=false #1004

Closed
CarstenLeue opened this issue Mar 11, 2020 · 4 comments
Closed

[BUG] lifecycle hooks do not work with unsafe-perm=false #1004

CarstenLeue opened this issue Mar 11, 2020 · 4 comments
Labels
Bug thing that needs fixing

Comments

@CarstenLeue
Copy link

What / Why

I have a lifecylehook for postversion. This hook is not being called if I run with unsafe-perm=false instead the command warns with:

npm WARN lifecycle sites-next@9.0.10003~postversion: cannot run in wd sites-next@9.0.10003 ng g @acoustic-content-sdk/schematics:version (wd=/usr/build/sites)

After debugging the NPM code I found that this line caused the issue:

https://github.com/npm/npm-lifecycle/blob/latest/index.js#L88

The failing check is:

wd.indexOf(opts.dir) !== 0

In the case of the version script opts.dir points to the node_modules subdirectory of wd, so the check always returns true.

in my test wd is /usr/build/carsten-new-project but opts.dir is /usr/build/carsten-new-project/node_modules.

This looks like a general issue in how the opts.dir is initialized since I cannot control it calling the version command.

When

When executing the version command as part of a postversion script.

npm version 1.0.0

Where

You can use the trivial example at https://github.com/Carsten-Leue/npm-unsafe-perm to reproduce. Make sure to run with unsafe-perm=false
@J1G4RSH4H
Copy link

Hi,

@CarstenLeue , I am also facing the similar issue with postinstall lifecycle hook, where I run npm install with unsafe-perm the postinstall lifecycle hook script is being executed but without unsafe-perm it does not execute with warn

postinstall: cannot run in wd

Did you get any solution for the same ?

Thanks,
Jigar

@Seb35
Copy link

Seb35 commented Jul 20, 2020

This issue is the same than npm-lifecycle#49.

From my analysis it is mandatory to set unsafe-perm to true if we want the scripts are executed when the current user is root, and the config user and group are useless. And if the action (postinstall, prepare, etc) is in a Git dependency, you should set an environment variable npm_config_unsafe_perm="true" to be sure it will reach the child npm.

@darcyclarke darcyclarke added the Bug thing that needs fixing label Oct 30, 2020
@darcyclarke
Copy link
Contributor

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

@lydell
Copy link

lydell commented Dec 10, 2021

I reproduced this with npm 6, but not with npm 7 and npm 8 so the bug seems fixed in npm 7+! Thanks!

@nelsenpro nelsenpro mentioned this issue Mar 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@darcyclarke @Seb35 @lydell @CarstenLeue @J1G4RSH4H