npms-io / npms-analyzer

The analyzer behind https://npms.io
MIT License
319 stars 38 forks

tar extracts archive with broken permissions #170

Open bcoe opened 7 years ago

bcoe commented 7 years ago

We've noticed an occasional bug at npm during the analyzer's tar extraction step:

This might be related to the settings --same-owner and --preserve-permissions, but it seems like these settings should be defaulting appropriately for a non-superuser (our analyzer is run as ubuntu):

```
# npms-analyzer-consume node 0

description "rank packages based on several metrics"

start on started network-services
stop on stopping network-services
respawn
setuid ubuntu
setgid ubuntu
```

We do not currently use bsdtar, so one thought I had was that perhaps switching to the default tar program that npms-analyzer looks for might solve the problem?

Any thoughts? Have you bumped into anything similar?

satazor commented 7 years ago

Could you provide the error message produced so I could search in Kibana? Also, do you know the particular package that causes this?
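
One way to narrow down which package tarball is involved, as an added example that is not part of the thread or of npms-analyzer: list archive entries whose recorded mode bits would leave the extracting user unable to read or traverse them. It assumes the failure comes from permission bits stored in the archive; `find_unusable_entries`, `build_sample_tarball` and the sample archive are constructed for illustration.

```python
import io
import stat
import tarfile


def find_unusable_entries(fileobj):
    """Return (name, octal mode, reason) for entries the extracting user could not use."""
    findings = []
    # "r:*" lets tarfile detect gzip (as used by npm tarballs) or plain tar.
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for member in archive:
            mode = member.mode
            if member.isdir():
                # A directory needs owner r, w and x to be listed, entered and filled.
                if (mode & stat.S_IRWXU) != stat.S_IRWXU:
                    findings.append((member.name, oct(mode), "directory lacks owner rwx"))
            elif member.isfile():
                if not mode & stat.S_IRUSR:
                    findings.append((member.name, oct(mode), "file lacks owner read"))
    return findings


def build_sample_tarball():
    """Constructed sample: one sane file, one 0644 directory, one 0000 file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as archive:
        for name, mode, is_dir in [
            ("package/package.json", 0o644, False),
            ("package/lib", 0o644, True),
            ("package/lib/index.js", 0o000, False),
        ]:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.type = tarfile.DIRTYPE if is_dir else tarfile.REGTYPE
            data = b"" if is_dir else b"{}"
            info.size = len(data)
            archive.addfile(info, None if is_dir else io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Reads headers only; nothing is extracted to disk.
    for name, mode, reason in find_unusable_entries(build_sample_tarball()):
        print(f"{mode:>7}  {name}  ({reason})")
```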