Option to allow --unsafe-params

[mariosant]

I came down to a strange issue lately. I wanted to publish a private npm module, which used the prepare hook in order to get built before this. I am using webpack for the build process and while running fine locally, this is what I got on Wercker:

npm WARN lifecycle xxxxxxxxxxxxxxxxxxx~prepare: cannot run in wd %s %s (wd=%s) 

The issue here is that npm is being executed as root user and it doesn't really like that. This can be resolved though, by passing the parameter --unsafe-param while running npm publish.

My suggestion here would be to add an option to the step, ie PASS_UNSAFE_PARAM and if this is set, the step will pass the parameter to npm publish.

What do you think guys?

[mariosant]

@Starefossen ?

[Starefossen]

Sorry for not responding earlier. Yes, it sounds reasonable that one should be able to configure this, but maybe off by default?

[mariosant]

Off by default, available when someone asks it, it is!

[hillct]

Another key place where this is important, is in Docker container builds which will always run as root. In fact, for the moment, I'm going to have to fall back to the old prepublish behavior, in order to get out docker images to continue to build reliably, at least in the short term.