Sha256: 8f19e331afea47fecf78299122bbbb9c9804c930a64c93afcd12f78f592dd82d

Contents?: true

Size: 938 Bytes

Versions: 42

Compression:

Stored size: 938 Bytes

Contents

# How do I install untrusted packages safely? Is it safe to run Composer as superuser or root?

Certain Composer commands, including `exec`, `install`, and `update` allow third party code to
execute on your system. This is from its "plugins" and "scripts" features. Plugins and scripts have
full access to the user account which runs Composer. For this reason, it is strongly advised to
**avoid running Composer as super-user/root**.

You can disable plugins and scripts during package installation or updates with the following
syntax so only Composer's code, and no third party code, will execute:

```sh
composer install --no-plugins --no-scripts ...
composer update --no-plugins --no-scripts ...
```

The `exec` command will always run third party code as the user which runs `composer`.

In some cases, like in CI systems or such where you want to install untrusted dependencies, the
safest way to do it is to run the above command.

Version data entries

42 entries across 42 versions & 1 rubygems

Version Path
dependabot-composer-0.119.0.beta1 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.113.19 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.112.1 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.111.57 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.111.56 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.111.52 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.111.50 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.111.25 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.111.17 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.111.15 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.110.13 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.108.11 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.108.8 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.107.47 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.107.39 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.107.36 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.107.28 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.107.14 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.106.12 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md
dependabot-composer-0.106.11 helpers/vendor/composer/composer/doc/faqs/how-to-install-untrusted-packages-safely.md