When you add this property, you add it to your script environment with the npm_config_package prefix:
$ cat package.json { "config": { "unsafe-perm": true } } $ npm run env | grep perm $ npm run env | grep perm npm_package_config_unsafe_perm=true npm_config_unsafe_perm=true $ sudo npm run env | grep perm npm_package_config_unsafe_perm=true npm_config_unsafe_perm= $
This is for security reasons, sort of. For an arbitrary package from the npm registry, it would be nice to let you change the npm configuration settings (for example, that if he installed the prefix on /etc and installed a file called passwd )
However, you can still get around this by setting the environment variable in the script line (this will not work on Windows):
$ cat package.json { "config": { "unsafe-perm": true }, "scripts": { "foo": "npm_config_unsafe_perm=true env" } } $ npm run foo | grep unsafe_perm npm_config_unsafe_perm=true npm_package_config_unsafe_perm=true npm_lifecycle_script=npm_config_unsafe_perm=true env npm_package_scripts_foo=npm_config_unsafe_perm=true env $ sudo npm run foo | grep unsafe_perm npm_config_unsafe_perm=true npm_package_config_unsafe_perm=true npm_lifecycle_script=npm_config_unsafe_perm=true env npm_package_scripts_foo=npm_config_unsafe_perm=true env $
This may be a bug in npm , although I would recommend not relying on this behavior. Can you avoid using a different user than root ?
Source: Tested with npm@2.6.1 on OSX. I support volunteer in npm problem tracking, https://github.com/npm/npm/issues .
Sam Mikes Feb 28 '15 at 22:57 2015-02-28 22:57
source share