From e50ea02b707653dcfc4009e643bb3d203084e26a Mon Sep 17 00:00:00 2001
From: Brian Helba <brian.helba@kitware.com>
Date: Thu, 16 Apr 2026 18:54:09 -0400
Subject: [PATCH] [node] - Install pnpm as non-root user to prevent root-owned
 npm cache

Currently, the pnpm installation block runs `npm install -g pnpm` in
a bare subshell as root, unlike every other npm/nvm operation in the
script which uses `su ${USERNAME}`. This causes the npm cache directory
to be created owned by `root:root`, leading to `EACCES` errors for the
non-root user on subsequent npm operations.

This is particularly reproducible on macOS with Rosetta 2 emulation,
where the cache directory may not already exist from prior steps.

Note, the explicit setting of proxy env vars (`http_proxy`, `https_proxy`,
`no_proxy`) is likely a workaround for https://github.com/npm/cli/issues/6835.
No other commands in this script use that workaround anymore, so this change
uses the same `su` syntax as all other commands.
---
 src/node/devcontainer-feature.json | 2 +-
 src/node/install.sh                | 8 +-------
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/node/devcontainer-feature.json b/src/node/devcontainer-feature.json
index c8ceb966f..ce25d1778 100644
--- a/src/node/devcontainer-feature.json
+++ b/src/node/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "node",
-    "version": "1.7.1",
+    "version": "1.7.2",
     "name": "Node.js (via nvm), yarn and pnpm.",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/node",
     "description": "Installs Node.js, nvm, yarn, pnpm, and needed dependencies.",
diff --git a/src/node/install.sh b/src/node/install.sh
index 1d89abd0a..0e96eb38d 100755
--- a/src/node/install.sh
+++ b/src/node/install.sh
@@ -386,13 +386,7 @@ if [ ! -z "${PNPM_VERSION}" ] && [ "${PNPM_VERSION}" = "none" ]; then
     echo "Ignoring installation of PNPM"
 else
     if bash -c ". '${NVM_DIR}/nvm.sh' && type npm >/dev/null 2>&1"; then
-        (
-            . "${NVM_DIR}/nvm.sh"
-            [ ! -z "$http_proxy" ] && npm set proxy="$http_proxy"
-            [ ! -z "$https_proxy" ] && npm set https-proxy="$https_proxy"
-            [ ! -z "$no_proxy" ] && npm set noproxy="$no_proxy"
-            npm install -g pnpm@$PNPM_VERSION --force
-        )
+        su ${USERNAME} -c "umask 0002 && . '${NVM_DIR}/nvm.sh' && npm install -g pnpm@${PNPM_VERSION} --force"
     else
         echo "Skip installing pnpm because npm is missing"
     fi