Login/Register
npm command - sudo or not?
Asked Answered
Solved macosnpmsudo
B

5

25

Currently I always run sudo npm install <package-name> but as I understand it's not correct.

I want to have opportunity not to use it as root/Administrator. I followed some advice and used this command sudo chown -R <username> ~/.npm but it won't work...

for example, it's an output of my npm install jade

...
npm http 200 https://registry.npmjs.org/amdefine
npm http GET https://registry.npmjs.org/amdefine/-/amdefine-0.0.5.tgz
npm http 200 https://registry.npmjs.org/amdefine/-/amdefine-0.0.5.tgz
npm ERR! Error: EACCES, symlink '../jade/bin/jade'
npm ERR!  { [Error: EACCES, symlink '../jade/bin/jade'] errno: 3, code: 'EACCES', path: '../jade/bin/jade' }
npm ERR! 
npm ERR! Please try running this command again as root/Administrator.

as you see download started successfully but then failed..

I'm wondering what is the best way to disallow sudo on npm?

Babbittry answered 23/5, 2013 at 21:33 Comment(0)
B
15

It's possible (and advisable) to npm install -g node modules without sudo.

Check the permission of your /usr/local/share/npm/bin folder. I had installed node and npm through brew (without sudo) and that particular folder ended up being owned by root.

This fixed it for once and for all:

$ sudo chown $(whoami) /usr/local/share/npm/bin

(As for disallowing sudo with npm: you'd have to tweak npm for that. Your own node code could make use of https://npmjs.org/package/sudo-block, npm install sudo-block)

EDIT: even though this works, I no longer use -g. Instead use prefix (see next answer), or better yet use NIX https://unix.stackexchange.com/a/381797 (even on OSX)

Bradfield answered 18/8, 2013 at 5:59 Comment(6)
I had to change permissions for both /usr/local/bin and /usr/local/lib/node_modulesWald
@TelmoDias I had to the same too, it seems npm may have changed the directory it uses to install global packagesPiraeus
This is a bad general answer as this creates security issues with user(s) being able to modify binaries in global PATH. The second answer is better.Yee
@Yee I don't disagree. I more and more leave packages local to the user or project folder. Nevertheless, the suggestion is still better than using sudo.Bradfield
What if you had it already installed? How do you find if it was installed with sudo vs not being installed with sudo?Taverner
-1 to answer, see LFH: /usr is shareable, read-only data. That means that /usr should be shareable between various FHS-compliant hosts and must not be written to. Any information that is host-specific or varies with time is stored elsewhere. Large software packages must not use a direct subdirectory under the /usr hierarchy.Garnett
C
14

In my opinion is the cleanest way to specify the npm prefix:

npm config set prefix ~/.node_modules

And then to add the following to you .bash_profile

export PATH=$HOME/.node_modules/bin:$PATH

Now the packages will install into your user directory and no permissions will be harmend.

EDIT: If you can't install yeoman, create a bash file in one of your PATH directories named yodoctor with the following contents

#!/bin/bash
yo doctor

Make the file executable with

chmod +x yodoctor

And now you should be able to install yeoman.

Casuist answered 22/8, 2014 at 13:6 Comment(1)
See npm's recommended options to fix npm permission problem: https://docs.npmjs.com/getting-started/fixing-npm-permissions. This answer (from @febLey) is aligned with NPM's recommendations.Visitation
D
2

You can also do:

sudo chown -R $USER /usr/local

and recursively change the files to your current user.

Doroteya answered 4/9, 2013 at 15:38 Comment(1)
-1 to answer, see LFH: /usr is shareable, read-only data. That means that /usr should be shareable between various FHS-compliant hosts and must not be written to. Any information that is host-specific or varies with time is stored elsewhere. Large software packages must not use a direct subdirectory under the /usr hierarchy.Garnett
A
1

I have found this to be a better solution

sudo chown -R $USER /Users/$USER

This will just change the owner of your user to you and npm should be installed under your user on OS X. Everything that I have been reading says sudo for npm installs is bad and I would have to agree with them as you open yourself up to malicious scripts.

Aweinspiring answered 7/3, 2014 at 19:27 Comment(0)
P
0

The two solutions offered here are are not something I would recommend because they are brute force solutions. Instead, I recommend reading One does not simply sudo npm

Philosophism answered 28/2, 2014 at 21:24 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.