corepack: Permission issue on windows.

The node.js installer on windows (*.msi) will choose C:\Program Files\nodejs by default to place node.exe, npm and corepack. As you may know this place requires admin permission, the installer will bring up the UAC and ask for it once.

At the same time, npm (and pnpm) works well here because it will install packages to %appdata%\npm, where no permission is needed.

However, corepack will install pnpm to the same place as corepack by default (which is C:\Program Files\nodejs\node_modules\corepack. This causes permission issue:

> corepack enable
Internal Error: EPERM ....

A workaround is using --install-directory to manually change the install folder to some place without permission, for example %appdata%\corepack.

I hope corepack would use places like %appdata%\corepack on windows to avoid potential EPERM issues.

(BTW, the node.js installer for other systems are likely to choose a place with high permission. It is really an issue on macOS because it generally forbids installing anything globally, in which case users must use brew to correctly install it to a safe place. However I’m not expecting you to fix the installer logic and this is out of scope.)

About this issue

  • Original URL
  • State: open
  • Created 3 years ago
  • Reactions: 23
  • Comments: 17 (2 by maintainers)

Most upvoted comments

For me the issue was that the freshly installed Node.js installation folder had explicit permissions set instead of inheriting them. Right click -> Properties -> Security -> Advanced -> Change permissions -> Enable inheritance solved the problem.

+3
AndreKR on Mar 30, 2023

but it also wouldn’t make the scripts available on the path

Yes, you’re right. But installing to the same place as node.exe would also annoy many users when they don’t run in sudo mode (they shouldn’t). In fact, I was considering %appdata%\npm too because this place is added to path by node.js installer and everything installed by npm i -g <pkg> would go there. But that may cause some conflicts with the npm.

The main problem here is corepack want itself to be treated as the same level as npm. It is half true in being bundled in node.js installers, but it does not have a global path (like %appdata%\npm for npm, set by installers too) to help doing its work. In which case the builtin corepack wouldn’t be much more useful than npm i -g pnpm|yarn.

So here are some answers I guess to solve this issue:

  • Corepack re-uses the npm global dir (%appdata%\npm, you can get it by npm root -g) to install pnpm and generate executable shims (pnpm.cmd) there.

  • Ask the node.js installer to create %appdata%\corepack and add it to path and use that place on Windows by default.

Preknowledge: Permissions of Node.js on Windows

The installer installs node.exe and npm.cmd to C:\Program Files\nodejs. This place requires high permission which generally forbids any program that not run in admin mode to create and modify files, we can call it <q>system scope</q>. So how does npm install -g work? It is because npm installs packages to <q>user scope</q> (%appdata%\npm by default) where no permission is required.

  • npm i -g pnpmC:\Program Files\nodejs\npm.cmd i -g pnpm

    What happens: npm runs in <q>user scope</q>, Windows forbids it edit files in C:\Program Files\, it doesn’t. npm creates some files in %appdata%\npm, like %appdata%\npm\pnpm.cmd.

  • pnpm i -g pkg%appdata%\npm\pnpm.cmd i -g pkg

    What happens: pnpm runs in <q>user scope</q>, pnpm creates some files in its global store (%localappdata%\pnpm by default, no permission is required).

+2
hyrious on Jul 23, 2022
Read more comments on GitHub
← cjs-module-lexer: node ES6 import throws this error.
docker-node: Adding a non-root user with UID 1000 breaks custom builds →