Skip to content

Commit 2042628

Browse files
RafaelGSSwraithgar
authored and
aduh95
committed
doc: add section about using npx with permission model
Co-Authored-By: Gar <[email protected]> Signed-off-by: RafaelGSS <[email protected]> PR-URL: #56539 Reviewed-By: Trivikram Kamat <[email protected]> Reviewed-By: Ruy Adorno <[email protected]> Reviewed-By: Marco Ippolito <[email protected]>
1 parent 900c6c3 commit 2042628

File tree

1 file changed

+38
-0
lines changed

1 file changed

+38
-0
lines changed

doc/api/permissions.md

+38
Original file line numberDiff line numberDiff line change
@@ -134,6 +134,43 @@ does not exist, the wildcard will not be added, and access will be limited to
134134
yet, make sure to explicitly include the wildcard:
135135
`/my-path/folder-do-not-exist/*`.
136136

137+
#### Using the Permission Model with `npx`
138+
139+
If you're using [`npx`][] to execute a Node.js script, you can enable the
140+
Permission Model by passing the `--node-options` flag. For example:
141+
142+
```bash
143+
npx --node-options="--permission" package-name
144+
```
145+
146+
This sets the `NODE_OPTIONS` environment variable for all Node.js processes
147+
spawned by [`npx`][], without affecting the `npx` process itself.
148+
149+
**FileSystemRead Error with `npx`**
150+
151+
The above command will likely throw a `FileSystemRead` invalid access error
152+
because Node.js requires file system read access to locate and execute the
153+
package. To avoid this:
154+
155+
1. **Using a Globally Installed Package**
156+
Grant read access to the global `node_modules` directory by running:
157+
158+
```bash
159+
npx --node-options="--permission --allow-fs-read=$(npm prefix -g)" package-name
160+
```
161+
162+
2. **Using the `npx` Cache**
163+
If you are installing the package temporarily or relying on the `npx` cache,
164+
grant read access to the npm cache directory:
165+
166+
```bash
167+
npx --node-options="--permission --allow-fs-read=$(npm config get cache)" package-name
168+
```
169+
170+
Any arguments you would normally pass to `node` (e.g., `--allow-*` flags) can
171+
also be passed through the `--node-options` flag. This flexibility makes it
172+
easy to configure permissions as needed when using `npx`.
173+
137174
#### Permission Model constraints
138175

139176
There are constraints you need to know before using this system:
@@ -174,4 +211,5 @@ There are constraints you need to know before using this system:
174211
[`--allow-wasi`]: cli.md#--allow-wasi
175212
[`--allow-worker`]: cli.md#--allow-worker
176213
[`--permission`]: cli.md#--permission
214+
[`npx`]: https://docs.npmjs.com/cli/commands/npx
177215
[`permission.has()`]: process.md#processpermissionhasscope-reference

0 commit comments

Comments
 (0)