Skip to content

Commit

Permalink
Infer ownership of shrinkwrap files
Browse files Browse the repository at this point in the history
Do not leave a root-owned package-lock or npm-shrinkwrap file in the
project root, where it will create problems when the user tries to
update it later.
  • Loading branch information
isaacs committed Aug 15, 2019
1 parent 8b85eaa commit b7f6e5f
Showing 1 changed file with 20 additions and 7 deletions.
27 changes: 20 additions & 7 deletions lib/shrinkwrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@ const writeFileAtomic = require('write-file-atomic')
const unixFormatPath = require('./utils/unix-format-path.js')
const isRegistry = require('./utils/is-registry.js')

const { chown } = require('fs')
const inferOwner = require('infer-owner')
const selfOwner = {
uid: process.getuid && process.getuid(),
gid: process.getgid && process.getgid()
}

const PKGLOCK = 'package-lock.json'
const SHRINKWRAP = 'npm-shrinkwrap.json'
const PKGLOCK_VERSION = npm.lockfileVersion
Expand Down Expand Up @@ -217,13 +224,19 @@ function save (dir, pkginfo, opts, cb) {
log.verbose('shrinkwrap', `skipping write for ${path.basename(info.path)} because there were no changes.`)
cb(null, pkginfo)
} else {
writeFileAtomic(info.path, swdata, (err) => {
if (err) return cb(err)
if (opts.silent) return cb(null, pkginfo)
if (!shrinkwrap && !lockfile) {
log.notice('', `created a lockfile as ${path.basename(info.path)}. You should commit this file.`)
}
cb(null, pkginfo)
inferOwner(info.path).then(owner => {
writeFileAtomic(info.path, swdata, (err) => {
if (err) return cb(err)
if (opts.silent) return cb(null, pkginfo)
if (!shrinkwrap && !lockfile) {
log.notice('', `created a lockfile as ${path.basename(info.path)}. You should commit this file.`)
}
if (selfOwner.uid === 0 && (selfOwner.uid !== owner.uid || selfOwner.gid !== owner.gid)) {
chown(info.path, owner.uid, owner.gid, er => cb(er, pkginfo))
} else {
cb(null, pkginfo)
}
})
})
}
}
Expand Down

0 comments on commit b7f6e5f

Please sign in to comment.