find-cache-dir

Allow read-only `node_modules` folder with more sophisticated type check

Open cdauth opened this issue 2 years ago • 1 comments

I'm hardening the Docker image of my Node.js app by making the whole app owned by root but run it as another user so that it cannot modify itself. To make the cache work, only the node_modules/.cache/myapp folder is owned by the app user.

Currently, with the changes introduced by #10, find-cache-dir returns null if node_modules is not writable.

Here is how I think the permission check should work instead if node_modules is found:

  • If node_modules/.cache/${name} exists: If it is writeable, return node_modules/.cache/${name}, otherwise return null
  • Otherwise, if node_modules/.cache exists: If it is writeable, return node_modules/.cache/${name}, otherwise return null
  • Otherwise: If node_modules is writeable, return node_modules/.cache/${name}, otherwise return null

As a workaround for now, I can specify the cache dir using the CACHE_DIR environment variable.

cdauth • Nov 16 '23 19:11
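
The tiered permission check proposed in the issue above, sketched as an added example (this is not find-cache-dir's code). `resolveCacheDir`, `fsProbe` and `fakeProbe` are hypothetical names, and the sample layout is constructed so the logic can be exercised without real file ownership.

```javascript
const fs = require('node:fs');
const path = require('node:path');

// Default probe backed by the real filesystem (assumption: synchronous checks).
const fsProbe = {
  isDirectory(p) {
    try { return fs.statSync(p).isDirectory(); } catch { return false; }
  },
  // Creating entries in a directory needs write AND search (execute) permission.
  isWritable(p) {
    try {
      fs.accessSync(p, fs.constants.W_OK | fs.constants.X_OK);
      return true;
    } catch { return false; }
  },
};

// Hypothetical helper: the deepest existing directory on the path
// node_modules/.cache/<name> decides whether the cache path is usable.
function resolveCacheDir(nodeModules, name, probe = fsProbe) {
  const cacheRoot = path.join(nodeModules, '.cache');
  const target = path.join(cacheRoot, name);
  for (const candidate of [target, cacheRoot, nodeModules]) {
    if (probe.isDirectory(candidate)) {
      return probe.isWritable(candidate) ? target : null;
    }
  }
  return null; // assumption: no node_modules directory means no cache dir
}

// Constructed layout for testing: maps path -> "writable by the app user?".
function fakeProbe(layout) {
  return {
    isDirectory: (p) => p in layout,
    isWritable: (p) => layout[p] === true,
  };
}

// Hardened image from the issue: everything root-owned except .cache/myapp.
const nm = path.join('/app', 'node_modules');
const hardened = fakeProbe({
  [nm]: false,
  [path.join(nm, '.cache')]: false,
  [path.join(nm, '.cache', 'myapp')]: true,
});
console.log(resolveCacheDir(nm, 'myapp', hardened));
```

The permission probe is advisory: the directory can change between the check and the first write, so callers still need to handle a failed write.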

This is an extreme edge-case, but a good pull request with tests would be accepted.

sindresorhus • Nov 16 '23 20:11

Thinking about this more, I think this is out of scope. The module intentionally returns undefined when node_modules isn’t writable to keep the behavior simple and predictable. Use the documented CACHE_DIR override (or an external cache path) in hardened Docker images.

sindresorhus • Sep 14 '25 10:09