Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
downgrade-root
Advanced tools
The downgrade-root npm package allows you to drop root privileges in a Node.js application. This is particularly useful for applications that need to start with root privileges to bind to low-numbered ports but should run with lower privileges for security reasons.
Drop root privileges
This feature allows you to drop root privileges in your Node.js application. By calling downgradeRoot(), the process will switch to a non-root user, enhancing security.
const downgradeRoot = require('downgrade-root');
downgradeRoot();
Specify user and group
This feature allows you to specify the user and group to switch to when dropping root privileges. This can be useful if you need to run the application under a specific user and group.
const downgradeRoot = require('downgrade-root');
downgradeRoot('username', 'groupname');
The uid-number package allows you to convert a username/groupname to a UID/GID. While it doesn't directly drop root privileges, it can be used in conjunction with other methods to achieve similar functionality.
Try to downgrade the permissions of a process with root privileges
Usually applies to a process started with sudo
.
Windows is gracefully ignored as it lacks a way to set UID.
$ npm install --save downgrade-root
var downgradeRoot = require('downgrade-root');
try {
downgradeRoot();
} catch (err) {
console.error('Couldn\'t downgrade permissions');
}
Useful for trying to downgrade permission before blocking using your app as root.
MIT © Sindre Sorhus
FAQs
Try to downgrade the permissions of a process with root privileges
The npm package downgrade-root receives a total of 210,816 weekly downloads. As such, downgrade-root popularity was classified as popular.
We found that downgrade-root demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.