├── .editorconfig
├── .gitattributes
├── .github
    ├── security.md
    └── workflows
    │   └── main.yml
├── .gitignore
├── .npmrc
├── index.d.ts
├── index.js
├── index.test-d.ts
├── license
├── package.json
├── readme.md
├── screenshot.png
└── test
    ├── docker.js
    ├── sudo.js
    └── user.js


/.editorconfig:
--------------------------------------------------------------------------------
 1 | root = true
 2 | 
 3 | [*]
 4 | indent_style = tab
 5 | end_of_line = lf
 6 | charset = utf-8
 7 | trim_trailing_whitespace = true
 8 | insert_final_newline = true
 9 | 
10 | [*.yml]
11 | indent_style = space
12 | indent_size = 2
13 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | * text=auto eol=lf
2 | 


--------------------------------------------------------------------------------
/.github/security.md:
--------------------------------------------------------------------------------
1 | # Security Policy
2 | 
3 | To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
4 | 


--------------------------------------------------------------------------------
/.github/workflows/main.yml:
--------------------------------------------------------------------------------
 1 | name: CI
 2 | on:
 3 |   - push
 4 |   - pull_request
 5 | jobs:
 6 |   test:
 7 |     name: Node.js ${{ matrix.node-version }}
 8 |     runs-on: ubuntu-latest
 9 |     strategy:
10 |       fail-fast: false
11 |       matrix:
12 |         node-version:
13 |           - 20
14 |           - 18
15 |     steps:
16 |       - uses: actions/checkout@v3
17 |       - uses: actions/setup-node@v3
18 |         with:
19 |           node-version: ${{ matrix.node-version }}
20 |       - run: npm install
21 |       - run: npm test
22 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | yarn.lock
3 | 


--------------------------------------------------------------------------------
/.npmrc:
--------------------------------------------------------------------------------
1 | package-lock=false
2 | 


--------------------------------------------------------------------------------
/index.d.ts:
--------------------------------------------------------------------------------
 1 | /**
 2 | Block users from running your app with root permissions. When a file containing this function is run with root permissions it will exit and show an error message telling the user how to fix the problem, so they don't have to run it with `sudo`.
 3 | 
 4 | @param message - A custom message.
 5 | 
 6 | @example
 7 | ```
 8 | import sudoBlock from 'sudo-block';
 9 | 
10 | sudoBlock();
11 | ```
12 | */
13 | export default function sudoBlock(message?: string): void;
14 | 


--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
 1 | import process from 'node:process';
 2 | import chalk from 'chalk';
 3 | import isRoot from 'is-root';
 4 | import isDocker from 'is-docker';
 5 | 
 6 | export default function sudoBlock(message) {
 7 | 	const defaultMessage = chalk`
 8 | {red.bold You are not allowed to run this app with root permissions.}
 9 | If running without {bold sudo} doesn't work, you can either fix your permission problems or change where npm stores global packages by putting {bold ~/npm/bin} in your PATH and running:
10 | {blue npm config set prefix ~/npm}
11 | 
12 | See: {underline https://github.com/sindresorhus/guides/blob/main/npm-global-without-sudo.md}`;
13 | 
14 | 	if (isRoot() && !isDocker()) {
15 | 		console.error(message || defaultMessage);
16 | 		process.exit(77); // eslint-disable-line unicorn/no-process-exit
17 | 	}
18 | }
19 | 


--------------------------------------------------------------------------------
/index.test-d.ts:
--------------------------------------------------------------------------------
1 | import sudoBlock from './index.js';
2 | 
3 | sudoBlock();
4 | sudoBlock('hi');
5 | 


--------------------------------------------------------------------------------
/license:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 6 | 
 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 8 | 
 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
10 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"name": "sudo-block",
 3 | 	"version": "5.0.0",
 4 | 	"description": "Block users from running your app with root permissions",
 5 | 	"license": "MIT",
 6 | 	"repository": "sindresorhus/sudo-block",
 7 | 	"funding": "https://github.com/sponsors/sindresorhus",
 8 | 	"author": {
 9 | 		"name": "Sindre Sorhus",
10 | 		"email": "sindresorhus@gmail.com",
11 | 		"url": "https://sindresorhus.com"
12 | 	},
13 | 	"type": "module",
14 | 	"exports": {
15 | 		"types": "./index.d.ts",
16 | 		"default": "./index.js"
17 | 	},
18 | 	"engines": {
19 | 		"node": ">=18"
20 | 	},
21 | 	"scripts": {
22 | 		"//test": "xo && ava && tsd",
23 | 		"test": "xo && tsd"
24 | 	},
25 | 	"files": [
26 | 		"index.js",
27 | 		"index.d.ts"
28 | 	],
29 | 	"keywords": [
30 | 		"sudo",
31 | 		"root",
32 | 		"user",
33 | 		"permissions",
34 | 		"uid",
35 | 		"block",
36 | 		"prevent",
37 | 		"stop"
38 | 	],
39 | 	"dependencies": {
40 | 		"chalk": "^5.3.0",
41 | 		"is-docker": "^3.0.0",
42 | 		"is-root": "^3.0.0"
43 | 	},
44 | 	"devDependencies": {
45 | 		"ava": "^5.3.1",
46 | 		"import-fresh": "^3.3.0",
47 | 		"sinon": "^15.2.0",
48 | 		"tsd": "^0.29.0",
49 | 		"xo": "^0.56.0"
50 | 	}
51 | }
52 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | # sudo-block
 2 | 
 3 | > Block users from running your app with root permissions
 4 | 
 5 | <img src="screenshot.png" width="660">
 6 | 
 7 | ## Install
 8 | 
 9 | ```sh
10 | npm install sudo-block
11 | ```
12 | 
13 | ## Usage
14 | 
15 | ```js
16 | import sudoBlock from 'sudo-block';
17 | 
18 | sudoBlock();
19 | ```
20 | 
21 | ## API
22 | 
23 | ### sudoBlock(message?)
24 | 
25 | When a file containing this function is run with root permissions it will exit and show an error message telling the user how to fix the problem, so they don't have to run it with `sudo`.
26 | 
27 | #### message
28 | 
29 | Type: `string`
30 | 
31 | A custom message.
32 | 


--------------------------------------------------------------------------------
/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sindresorhus/sudo-block/e192950b08994f7aee389092985a85428c03d205/screenshot.png


--------------------------------------------------------------------------------
/test/docker.js:
--------------------------------------------------------------------------------
 1 | import process from 'node:process';
 2 | import fs from 'node:fs';
 3 | import test from 'ava';
 4 | import sinon from 'sinon';
 5 | import importFresh from 'import-fresh';
 6 | 
 7 | test.before(() => {
 8 | 	process.getuid = () => 0;
 9 | 	fs.statSync = sinon.stub(fs, 'statSync');
10 | 	fs.statSync.withArgs('/.dockerenv').returns({});
11 | 	sinon.stub(process, 'exit');
12 | 	sinon.stub(console, 'error');
13 | });
14 | 
15 | test.after(() => {
16 | 	fs.statSync.restore();
17 | 	process.exit.restore();
18 | 	console.error.restore();
19 | });
20 | 
21 | test('doesn not prevent docker users', t => {
22 | 	importFresh('../index.js')();
23 | 	t.false(process.exit.called);
24 | 	t.false(console.error.called);
25 | });
26 | 


--------------------------------------------------------------------------------
/test/sudo.js:
--------------------------------------------------------------------------------
 1 | import process from 'node:process';
 2 | import fs from 'node:fs';
 3 | import test from 'ava';
 4 | import sinon from 'sinon';
 5 | import importFresh from 'import-fresh';
 6 | 
 7 | test.before(() => {
 8 | 	process.getuid = () => 0;
 9 | 	fs.statSync = sinon.stub(fs, 'statSync');
10 | 	fs.statSync.withArgs('/.dockerenv').throws('ENOENT, no such file or directory \'/.dockerenv\'');
11 | 	sinon.stub(process, 'exit');
12 | 	sinon.stub(console, 'error');
13 | });
14 | 
15 | test.after(() => {
16 | 	fs.statSync.restore();
17 | 	process.exit.restore();
18 | 	console.error.restore();
19 | });
20 | 
21 | test('prevent sudo', t => {
22 | 	importFresh('../index.js')();
23 | 	t.true(process.exit.calledOnce);
24 | 	t.true(process.exit.calledWith(77));
25 | 	t.true(console.error.calledOnce);
26 | 	t.true(console.error.calledWithMatch(/You are not allowed/));
27 | });
28 | 
29 | test('accept custom messages', t => {
30 | 	importFresh('../index.js')('Thou shalt not sudo!');
31 | 	t.true(console.error.calledWithMatch(/Thou shalt not sudo!/));
32 | });
33 | 


--------------------------------------------------------------------------------
/test/user.js:
--------------------------------------------------------------------------------
 1 | import process from 'node:process';
 2 | import fs from 'node:fs';
 3 | import test from 'ava';
 4 | import sinon from 'sinon';
 5 | import importFresh from 'import-fresh';
 6 | 
 7 | test.before(() => {
 8 | 	process.getuid = () => 1000;
 9 | 	fs.statSync = sinon.stub(fs, 'statSync');
10 | 	fs.statSync.withArgs('/.dockerenv').throws('ENOENT, no such file or directory \'/.dockerenv\'');
11 | 	sinon.stub(process, 'exit');
12 | 	sinon.stub(console, 'error');
13 | });
14 | 
15 | test.after(() => {
16 | 	fs.statSync.restore();
17 | 	process.exit.restore();
18 | 	console.error.restore();
19 | });
20 | 
21 | test('doesn not prevent users', t => {
22 | 	importFresh('../index.js')();
23 | 	t.false(process.exit.called);
24 | 	t.false(console.error.called);
25 | });
26 | 


--------------------------------------------------------------------------------