(pre) Release: 6.10.2-next.1

I haven’t been announcing prereleases, but this is a good one. It’s currently on the next tag, slated to be pushed to latest on Tuesday, July 23 (ie, 1 week from today).

tl;dr - Fixes several issues with the cache when npm is run as sudo on Unix systems. This should address Let's get rid of root-owned files in the cache! fully, but I’d really love for some other folks to test it out before declaring victory.

To try it out, you can run:

npm install -g npm@next

If you need to run sudo to install globally, make sure that you sudo chown -R $USER ~/.npm after doing so. (And, hopefully, this will be the last time!)

Full changelog:

TESTING

BUGFIXES

  • 25f4f73f6 add a util for writing arbitrary files to cache This prevents metrics timing and debug logs from becoming root-owned. (@isaacs)
  • 2c61ce65d infer cache owner from parent dir in correct-mkdir util (@isaacs)
  • 235e5d6df ensure correct owner on cached all-packages metadata (@isaacs)

DEPENDENCIES

6.10.2-next.1 just went live, with updates to npm-lifecycle and node-gyp. Changelog additions:

You write:

When running as sudo (without the -H flag), the HOME environment
variable is /var/root by default.

This is incorrect. Try running sudo sh -c 'echo $HOME' to verify. Then compare to sudo -H sh -c 'echo $HOME'

The problem you’ve been having is that $HOME is set to the user’s home directory and thus the user’s ~/.npm/cacache is used even if the user invokes npm with sudo. This is not because $HOME is /var/root, it’s because sudo does not change $HOME.

I didn’t read the rest of this commit so it’s possible that your wrong assessment here doesn’t affect the rest of your patch.

Huh. On my system this was pulling up HOME as /var/root when running under sudo. It might be a different config somewhere? I’ll dig in further.

In any event, reading perms based on the actual cache location is better than pulling them from some other place, which might not be where the cache actually lives.