archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 05:38:47 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

doc: add section about using npx with permission model
Some checks failed
Test and upload documentation to artifacts / build-docs (push) Failing after 6m51s
Details
Linters / lint-addon-docs (push) Successful in 2m20s
Details
Linters / format-cpp (push) Has been skipped
Details
Linters / lint-cpp (push) Successful in 3m23s
Details
Linters / lint-py (push) Successful in 2m51s
Details
Linters / lint-sh (push) Failing after 1m37s
Details
Linters / lint-codeowners (push) Failing after 56s
Details
Linters / lint-pr-url (push) Has been skipped
Details
Linters / lint-js-and-md (push) Successful in 9m20s
Details
Linters / lint-yaml (push) Successful in 2m45s
Details
Linters / lint-readme (push) Successful in 1m43s
Details
Test internet / test-internet (push) Failing after 2m45s
Details

Browse source 
Co-Authored-By: Gar <gar+gh@danger.computer>
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: https://github.com/nodejs/node/pull/56539
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruy Adorno <ruy@vlt.sh>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
This commit is contained in:
Rafael Gonzaga 2025-01-13 06:49:45 -03:00 committed by Marco Ippolito
parent 8f5bec7677
commit fc777a6e46
No known key found for this signature in database
GPG key ID: 27F5E38D5B0A215F
1 changed files with 38 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

38
doc/api/permissions.md
View file

@ -581,6 +581,43 @@ does not exist, the wildcard will not be added, and access will be limited to
yet, make sure to explicitly include the wildcard:
`/my-path/folder-do-not-exist/*`.
#### Using the Permission Model with `npx`
If you're using [`npx`][] to execute a Node.js script, you can enable the
Permission Model by passing the `--node-options` flag. For example:
```bash
npx --node-options="--permission" package-name
```
This sets the `NODE_OPTIONS` environment variable for all Node.js processes
spawned by [`npx`][], without affecting the `npx` process itself.
**FileSystemRead Error with `npx`**
The above command will likely throw a `FileSystemRead` invalid access error
because Node.js requires file system read access to locate and execute the
package. To avoid this:
1. **Using a Globally Installed Package**
Grant read access to the global `node_modules` directory by running:
```bash
npx --node-options="--permission --allow-fs-read=$(npm prefix -g)" package-name
```
2. **Using the `npx` Cache**
If you are installing the package temporarily or relying on the `npx` cache,
grant read access to the npm cache directory:
```bash
npx --node-options="--permission --allow-fs-read=$(npm config get cache)" package-name
```
Any arguments you would normally pass to `node` (e.g., `--allow-*` flags) can
also be passed through the `--node-options` flag. This flexibility makes it
easy to configure permissions as needed when using `npx`.
#### Permission Model constraints
There are constraints you need to know before using this system:
@ -620,6 +657,7 @@ There are constraints you need to know before using this system:
[`--allow-wasi`]: cli.md#--allow-wasi
[`--allow-worker`]: cli.md#--allow-worker
[`--experimental-permission`]: cli.md#--experimental-permission
[`npx`]: https://docs.npmjs.com/cli/commands/npx
[`permission.has()`]: process.md#processpermissionhasscope-reference
[relative-url string]: https://url.spec.whatwg.org/#relative-url-with-fragment-string
[special schemes]: https://url.spec.whatwg.org/#special-scheme