t2mc9g
Last Updated: February 25, 2016
·
4.834K
· icflorescu
Icflorescu

Don't sudo npm

I've seen sudo npm [...] in a lot of tips and gists (including some of mine :-P). While this can arguably be ok on a development machine, it's not a very smart thing to do, since npm packages can run arbitrary scripts and commands, which is unsafe, to say the least.

Don't sudo npm

But, for some reason, the official Node.js installation package for OS X won't automatically adjust the necessary folder permissions for you...

If you already used the official installer, there's an easy way to repair it:

sudo chown -R $USER /usr/local

If you're installing Node.js with homebrew (brew install nodejs), everything should be set up properly.

6 Responses
Add your response

10316
Steven wilson pen and ink by ergasterd d4syzje

You will be locking /usr/local to a single user.

over 1 year ago ·
10317
Icflorescu

@seuros Yes, you would. Which is still better than sudo, I think. If you know of a better way, please share your thoughts :-)

over 1 year ago ·
10318
Steven wilson pen and ink by ergasterd d4syzje

You can chown the folder to a particular group (npm) for example. Then you can add the users that can install to that group, with this method you can have more 1 user able to install npm.

over 1 year ago ·
10319
Icflorescu

@seuros Nice, but a bit too complicated for a development machine, IMO.

Also, due to an issue in the homebrew package, I'd say the fastest & easiest way to get a Node.js development environment is still the official installer + sudo chown -R $USER /usr/local.

over 1 year ago ·
10369
052ee0d106425f379a2a6d9f0c8187f1

for the production server, i don't think it's a good idea to install any npm modules globally.

just run the one in node_modules/.bin

over 1 year ago ·
10383
Icflorescu

@zhuangya Totally agree. But on a development machine, people need to globally install things like nodemon, coffee, etc...

over 1 year ago ·