Skip to content

Commit

Permalink
doc: add section about using npx with permission model
Browse files Browse the repository at this point in the history
Co-Authored-By: Gar <[email protected]>
Signed-off-by: RafaelGSS <[email protected]>
PR-URL: nodejs#56539
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Ruy Adorno <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
  • Loading branch information
2 people authored and Ceres6 committed Jan 13, 2025
1 parent afdd593 commit c1e4c78
Showing 1 changed file with 38 additions and 0 deletions.
38 changes: 38 additions & 0 deletions doc/api/permissions.md
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,43 @@ does not exist, the wildcard will not be added, and access will be limited to
yet, make sure to explicitly include the wildcard:
`/my-path/folder-do-not-exist/*`.

#### Using the Permission Model with `npx`

If you're using [`npx`][] to execute a Node.js script, you can enable the
Permission Model by passing the `--node-options` flag. For example:

```bash
npx --node-options="--permission" package-name
```

This sets the `NODE_OPTIONS` environment variable for all Node.js processes
spawned by [`npx`][], without affecting the `npx` process itself.

**FileSystemRead Error with `npx`**

The above command will likely throw a `FileSystemRead` invalid access error
because Node.js requires file system read access to locate and execute the
package. To avoid this:

1. **Using a Globally Installed Package**
Grant read access to the global `node_modules` directory by running:

```bash
npx --node-options="--permission --allow-fs-read=$(npm prefix -g)" package-name
```

2. **Using the `npx` Cache**
If you are installing the package temporarily or relying on the `npx` cache,
grant read access to the npm cache directory:

```bash
npx --node-options="--permission --allow-fs-read=$(npm config get cache)" package-name
```

Any arguments you would normally pass to `node` (e.g., `--allow-*` flags) can
also be passed through the `--node-options` flag. This flexibility makes it
easy to configure permissions as needed when using `npx`.

#### Permission Model constraints

There are constraints you need to know before using this system:
Expand Down Expand Up @@ -166,4 +203,5 @@ There are constraints you need to know before using this system:
[`--allow-wasi`]: cli.md#--allow-wasi
[`--allow-worker`]: cli.md#--allow-worker
[`--permission`]: cli.md#--permission
[`npx`]: https://docs.npmjs.com/cli/commands/npx
[`permission.has()`]: process.md#processpermissionhasscope-reference

0 comments on commit c1e4c78

Please sign in to comment.