I'm hardening the Docker image of my Node.js app by making the whole app owned by root but run it as another user so that it cannot modify itself. To make the cache work, only the node_modules/.cache/myapp folder is owned by the app user.
Currently, with the changes introduced by #10, find-cache-dir returns null if node_modules is not writable.
Here is how I think the permission check should work instead if node_modules is found:
If node_modules/.cache/${name} exists: If it is writeable, return node_modules/.cache/${name}, otherwise return null
Otherwise, if node_modules/.cache exists: If it is writeable, return node_modules/.cache/${name}, otherwise return null
Otherwise: If node_modules is writeable, return node_modules/.cache/${name}, otherwise return null
As a workaround for now, I can specify the cache dir using the CACHE_DIR environment variable.
I'm hardening the Docker image of my Node.js app by making the whole app owned by root but run it as another user so that it cannot modify itself. To make the cache work, only the
node_modules/.cache/myapp
folder is owned by the app user.Currently, with the changes introduced by #10,
find-cache-dir
returnsnull
ifnode_modules
is not writable.Here is how I think the permission check should work instead if
node_modules
is found:node_modules/.cache/${name}
exists: If it is writeable, returnnode_modules/.cache/${name}
, otherwise returnnull
node_modules/.cache
exists: If it is writeable, returnnode_modules/.cache/${name}
, otherwise returnnull
node_modules
is writeable, returnnode_modules/.cache/${name}
, otherwise returnnull
As a workaround for now, I can specify the cache dir using the
CACHE_DIR
environment variable.