As documented in https://github.com/jiahaog/nativefier/issues/923#issuecomment-599300317 ,
- #923 is caused by installing placeholder app deps at nativefier
*install* time, with yarn (8.0.2) or npm (8.0.3). This is new in
Nativefier 8.x, for the motivations behind it, see
https://github.com/jiahaog/nativefier/pull/898#issuecomment-583865045
- During testing, I did test global installs, but never to a
system / non-user-writable path (my `$npm_config_prefix` is set to
`"$HOME/.node_modules"`)
- But without such a config and when installing globally to a
non-user-writable/system path with `sudo npm i -g nativefier`,
- Installation of nativefier core works...
- ... but then `postinstall` tries to do its job of installing
app deps, and fails in various OS-dependent ways, but all about
access rights.
I suspect that, although main nativefier install runs as `su` with
access rights to system paths, `postinstall` scripts are run *out*
of `su`.
That would make sense for security reasons: out of hook scripts,
npm knows exactly what will be touched in your filesystem: it's the
static contents of the published tarball; a postinstall script with
sudo rights could do nasty dynamic stuff. So, although I don't see
any mention of that in
[npm-scripts docs / hooks](https://docs.npmjs.com/misc/scripts#hook-scripts)
and I haven't dug npm/cli's code, I can understand it.
So, reverting back to `webpack`ing the placeholder app, as done pre-8.0.
