Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unnecessray file permissions on bun.lock #15953

Open
LitoMore opened this issue Dec 23, 2024 · 3 comments · May be fixed by #16018
Open

Unnecessray file permissions on bun.lock #15953

LitoMore opened this issue Dec 23, 2024 · 3 comments · May be fixed by #16018
Labels
bug Something isn't working bun install Something that relates to the npm-compatible client

Comments

@LitoMore
Copy link

What version of Bun is running?

1.1.42

What platform is your computer?

Darwin 24.2.0 arm64 arm

What steps can reproduce the bug?

bun init
bun install --save-text-lockfile
Image

What is the expected behavior?

The file should be -rw-r--r--

What do you see instead?

The file mode is -rwxrwxrwx.

Additional information

The -rwxrwxrwx permission is unnecessary since it's just a text file.

@LitoMore LitoMore added bug Something isn't working needs triage labels Dec 23, 2024
@RiskyMH RiskyMH added bun install Something that relates to the npm-compatible client and removed needs triage labels Dec 25, 2024
@jbergstroem
Copy link
Contributor

Looks intentional:

bun/src/install/lockfile.zig

Lines 2380 to 2391 in 608101c

if (comptime Environment.isPosix) {
// chmod 777 on posix
switch (bun.sys.fchmod(file.handle, 0o777)) {
.err => |err| {
file.close();
_ = bun.sys.unlink(tmpname);
Output.err(err, "failed to change lockfile permissions\n{}", .{});
Global.crash();
},
.result => {},
}
}

@Jarred-Sumner
Copy link
Collaborator

its a hold over from bun.lockb, which is intentionally executable

@LitoMore
Copy link
Author

LitoMore commented Dec 27, 2024

Even the bun.lockb has some unnecessary permssions. For the bun.lockb, it should be -rwxr-xr-x rather than -rwxrwxrwx, IMO.

But this is another topic.

@jbergstroem jbergstroem linked a pull request Dec 27, 2024 that will close this issue
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working bun install Something that relates to the npm-compatible client
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants