Don't sudo npm
I've seen sudo npm [...] in a lot of tips and gists (including some of mine :-P). While this can arguably be ok on a development machine, it's not a very smart thing to do, since npm packages can run arbitrary scripts and commands, which is unsafe, to say the least.
But, for some reason, the official Node.js installation package for OS X won't automatically adjust the necessary folder permissions for you...
If you already used the official installer, there's an easy way to repair it:
sudo chown -R $USER /usr/localIf you're installing Node.js with homebrew (brew install nodejs), everything should be set up properly.
Written by Ionut-Cristian Florescu
Related protips
6 Responses
You will be locking /usr/local to a single user.
@seuros Yes, you would. Which is still better than sudo, I think. If you know of a better way, please share your thoughts :-)
You can chown the folder to a particular group (npm) for example. Then you can add the users that can install to that group, with this method you can have more 1 user able to install npm.
@seuros Nice, but a bit too complicated for a development machine, IMO.
Also, due to an issue in the homebrew package, I'd say the fastest & easiest way to get a Node.js development environment is still the official installer + sudo chown -R $USER /usr/local.
for the production server, i don't think it's a good idea to install any npm modules globally.
just run the one in node_modules/.bin
@zhuangya Totally agree. But on a development machine, people need to globally install things like nodemon, coffee, etc...
Have a fresh tip? Share with Coderwall community!
