⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.247
Server IP:
45.79.8.107
Server:
Linux localhost 5.15.0-140-generic #150-Ubuntu SMP Sat Apr 12 06:00:09 UTC 2025 x86_64
Server Software:
nginx/1.18.0
PHP Version:
8.1.2-1ubuntu2.21
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
452945
/
root
/
usr
/
share
/
doc
/
composer
/
faqs
/
View File Name :
how-to-install-untrusted-packages-safely.md
# How do I install untrusted packages safely? Is it safe to run Composer as superuser or root? Certain Composer commands, including `exec`, `install`, and `update` allow third party code to execute on your system. This is from its "plugins" and "scripts" features. Plugins and scripts have full access to the user account which runs Composer. For this reason, it is strongly advised to **avoid running Composer as super-user/root**. You can disable plugins and scripts during package installation or updates with the following syntax so only Composer's code, and no third party code, will execute: ```sh php composer.phar install --no-plugins --no-scripts ... php composer.phar update --no-plugins --no-scripts ... ``` The `exec` command will always run third party code as the user which runs `composer`. In some cases, like in CI systems or such where you want to install untrusted dependencies, the safest way to do it is to run the above command. See [Environment variable - COMPOSER_ALLOW_SUPERUSER](../03-cli.md#composer-allow-superuser) for more info on how to disable warning