Last Updated: February 25, 2016
· icflorescu

Don't sudo npm

I've seen sudo npm [...] in a lot of tips and gists (including some of mine :-P). While this can arguably be ok on a development machine, it's not a very smart thing to do, since npm packages can run arbitrary scripts and commands, which is unsafe, to say the least.

Don't sudo npm

But, for some reason, the official Node.js installation package for OS X won't automatically adjust the necessary folder permissions for you...

If you already used the official installer, there's an easy way to repair it:

sudo chown -R $USER /usr/local

If you're installing Node.js with homebrew (brew install nodejs), everything should be set up properly.

6 Responses
Add your response


You will be locking /usr/local to a single user.

over 1 year ago ·

@seuros Yes, you would. Which is still better than sudo, I think. If you know of a better way, please share your thoughts :-)

over 1 year ago ·

You can chown the folder to a particular group (npm) for example. Then you can add the users that can install to that group, with this method you can have more 1 user able to install npm.

over 1 year ago ·

@seuros Nice, but a bit too complicated for a development machine, IMO.

Also, due to an issue in the homebrew package, I'd say the fastest & easiest way to get a Node.js development environment is still the official installer + sudo chown -R $USER /usr/local.

over 1 year ago ·

for the production server, i don't think it's a good idea to install any npm modules globally.

just run the one in node_modules/.bin

over 1 year ago ·

@zhuangya Totally agree. But on a development machine, people need to globally install things like nodemon, coffee, etc...

over 1 year ago ·