find-cache-dir Allow read-only `node_modules` folder with more sophisticated type check

Allow read-only `node_modules` folder with more sophisticated type check

Open cdauth opened this issue 8 months ago • 1 comments

I'm hardening the Docker image of my Node.js app by making the whole app owned by root but run it as another user so that it cannot modify itself. To make the cache work, only the node_modules/.cache/myapp folder is owned by the app user.

Currently, with the changes introduced by #10, find-cache-dir returns null if node_modules is not writable.

Here is how I think the permission check should work instead if node_modules is found:

If node_modules/.cache/${name} exists: If it is writeable, return node_modules/.cache/${name}, otherwise return null
Otherwise, if node_modules/.cache exists: If it is writeable, return node_modules/.cache/${name}, otherwise return null
Otherwise: If node_modules is writeable, return node_modules/.cache/${name}, otherwise return null

As a workaround for now, I can specify the cache dir using the CACHE_DIR environment variable.

Nov 16 '23 19:11 cdauth

find-cache-dir find-cache-dir copied to clipboard

Allow read-only `node_modules` folder with more sophisticated type check

find-cache-dir
find-cache-dir copied to clipboard