Studio Rgb Uk Fix Privileges Never Again Use Sudo Npm

Don't apply `sudo` with `npm`

Running sudo npm install -g seems to be pretty common communication on the Internet. mean.io, a prominent spider web framework compilation generator/library even suggests doing it on their own homepage.

Using sudo npm install (and potentially sudo npm <anything>) is a bad idea ™. This is an effect for at least a few reasons:

• npm install has the ability to run arbitrary scripts. Due to how npm is set up and the fact that you can alter the registry and information technology can apply DNS, it is possible that y'all will accidentally install a malicious bundle in general, install a malicious package masquerading every bit a perfectly valid package, or install a package with skilful intentions that may run scripts that are somehow detrimental to your system if run as root.
• Running sudo npm install (without -yard) will create a local directory that can but be contradistinct by the root user. This tin can really spiral things up for you if you attempt to exercise npm <something> in the same directory or project later on on.
• Even sudo npm install -g with a valid installation target can mess things up for you and make it hard to utilise npm without sudo under some circumstances in the future -- particularly if you change your npm configuration midstream. The root user can and will create files in your npm cache and potentially a file like ~/.npm/_locks, and future npm install or npm install -g will give you the dreaded EACCES error.

So when information technology comes to using sudo with npm: just don't do it.

npm install -thou for yourself

Most of the time you will be probably be working on a organization that only requires a single user to employ node and globally installed binaries (yourself on your ain machine, some node user on servers). The simplest solution for the npm install -1000 problem is to but alter where the node modules are installed.

Explicit prefix

npm uses the prefix setting to determine where to install globally -- or at least what information technology calls globally. You can see what the prefix is set up to by running npm prefix -g, and information technology's probably something like /usr. This is undesirable. Instead, it would be nice to globally install node modules to a directory the current user has access to.

          npm --prefix=/dwelling/your-user/.global-node-modules install -chiliad grunt-cli        

Of grade y'all can modify the prefix to any you want. Information technology would as well exist a tremendous pain to have to blazon out this --prefix option every time, so fortunately there exists a .npmrc file that npm will utilize to check defaults. Mine looks similar this:

          # ~/.npmrc tmp=/home/ajcrites/files/node-tmp cache=/habitation/ajcrites/.npmcache prefix=/abode/ajcrites/.npm        

You tin can pick whatsoever values yous want of course. A full list of all of the config settings you tin can apply to the npm command or ready in your .npmrc is listed with npm help vii config (that took some digging to discover).

At whatsoever rate, once y'all pick some nice, out-of-the-way subconscious folders, npm install -g volition stop putting all kinds of garbage in your home directory, /usr directory, and diverse other spots when you run npm install -g (and npm install in some cases).

Unfortunately, there doesn't seem to be a configuration setting for where to put npm-debug.log ... still.

In summary, setting prefix in .npmrc or only using the --prefix will allow you to use npm install -thousand without sudo.

But wait! You also have to brand sure that the binaries are on your path. Simply add the $PREFIX/bin to your path. So in my case:

          # .zshrc / .bashrc / .contour / etc. consign PATH=$PATH:$HOME/.npm/bin export NODE_PATH=$NODE_PATH:$Dwelling house/.npm/lib/node_modules        

Note that the setting of NODE_PATH volition cause node to bank check this path for libraries. More information is hither, and this may or may non ever exist desirable. I've just included it for abyss.

Using nvm

Setting up .npmrc, and $PATH can be a lot of work. Well, not really, but imagine that it is.

Also proceed in mind that your current version of npm/node matters. Some libraries may only back up or enforce a requirement of v0.10 whereas yous may exist running v0.12 on your organization.

nvm is an crawly bundle that requires very niggling setup and allows you lot to easily install and switch between node versions. You can even add nvm employ <specific-version> to your profile if you're doing a lot of work with a detail version and you desire to utilize it whatever time you lot kickoff a shell.

And so why is this great? nvm updates your prefix! -- at least if yous haven't already set up one. It volition install binaries to ~/.nvm/<version>/bin. It adds this directory to your $PATH when you run nvm use too! And if you switch back to nvm use system or some other version, it removes it appropriately.

Then merely keep in mind that binaries installed afterwards nvm use volition just be usable when you exercise the same nvm use again (unless you update your path to include them explicitly).

Notation that nvm only does this if you don't take prefix set in your .npmrc. Of course, y'all can still override everything with npm --prefix. If yous accept prefix in your .npmrc or use --prefix, then npm install -k used after nvm use volition still use your prefix settings. I remember that this is usually a practiced thing.

I've meet tiny problems with nvm not being sourced properly. You just need to do source /path/to/nvm/nvm.sh. nvm tries to add this to your profile automatically, but it may not e'er work as expected. Update .zshrc, .bashrc, others every bit needed.

npm install -thousand for a server

The previous department is all perfectly applicable for a server where yous are deploying a node app. Commonly your server will have a user (call it node or whatever y'all want) who is in accuse of running node. Set their .npmrc or just set up up your build jobs to employ --prefix every bit appropriate.

This is still non a use case for sudo npm install.

npm install -g for all users

At that place may be occassion for a system to allow multiple users to globally install and apply node parcel binaries and libraries. In that location is nevertheless no reason to use sudo to do this -- at least not for the npm command.

My solution for this would involve creating a directory to install global node modules to — perhaps in /var, although /usr could be valid ... I'm still wary of this, though since there are not-node things in /usr/bin.

          sudo addgroup npm-global-installers sudo mkdir -p /usr/{bin,lib/node_modules} sudo chgrp -R npm-global-installers !$ sudo chmod -R g+w !$        

!$ above is history expansion for "last word of the previous command," or /usr/{bin,lib/node_modules} in both cases.

This creates a group that can run npm install -1000 to add node modules to /usr/lib. You tin can add trusted users to this group on your system and exercise a true global installation of node modules.

However a major caveat to this solution is that anyone in npm-global-installers can clobber the global installs of others. Individuals can solve this problem just by using their own prefix, but this defeats the purpose of the global installation.

Another solution is to only have an npm-global-intaller user and update his prefix to ~/npm -- so take anybody add ~npm-global-installer/npm to their $PATH. Other users can do these global installations using sudo with the npm-global-installer user (not root -- I haven't tested this and it still may brand some ~/.npm/_locks that you don't have permissions on) or this directory tin can be made group/world writable.

Both of the to a higher place solutions are viable for assuasive multiple users to use node parcel binaries / libraries organization-wide.

Of course if you really want to use another user'southward installed libraries y'all tin update your $NODE_PATH to include it. If you want to use a binary, update your $PATH to include it, or even but do /home/other-user/path/to/node/bin/script (assuming yous tin execute information technology).

I've already run sudo npm install. Aid!

If you're running into weird errors with npm install -- particularly things that say EACCES a lot after you've done sudo npm install in the past information technology'due south near probable a permissions consequence on the directories that npm is trying to modify. This is a consequence of npm beingness dumb in a good manner. It will happily try to do what y'all tell it to do and create files and directories that have root permissions or try to alter these when you have no such permissions.

That being said, once you need to change a file created by sudo npm install you must apply privileges to either change its permissions or remove information technology entirely.

The simplest solution is to do sudo rm -rf node_modules for whatever projection you lot are currently in. Similarly, you may have to practice something akin to sudo rm -rf $(npm prefix -g)/{bin,lib/node_modules} in example y'all globally installed node modules with the wrong prefix. Simply be aware that this volition remove libraries you installed with sudo before, then you will take to install them once again. The right fashion. Consider this your comeuppance.

More specifically pay attending to the output. Read what npm is telling you and find the directory that is causing a problem specifically. Remove it. If you tin't remove it, yous'll have to use sudo rm.

Ultimately you should be able to practise an npm install or npm install -g without using sudo.

Sometimes you may encounter other unrelated issues, though (give npm install oracledb a try!)

Know what you are doing with sudo

I get the thought that a lot of developers learn the lesson

If something doesn't piece of work, effort it again with sudo .

This reminds me of a similar circumstance: if kill doesn't kill a process, use kill -ix. I think that yous could ask a lot of developers which signals kill and kill -nine transport to processes and many would requite you a blank stare in response (SIGTERM AND SIGKILL).

In the aforementioned vein, using sudo is not an reply for everything. In that location'due south a reason why root is called a privileged user. You earn privileges by exercising responsibleness, and chief among those responsibilities is knowing what a control is going to do when y'all really run information technology.

Unless you lot know exactly what a command will do before running it with sudo (or you don't care virtually screwing up the system you're on) ask someone. sudo is something that should be used with intendance, not with frustrated abandon. For that matter, know that visudo and sudoedit exist too!

If you accept annihilation away from this mail service, though, it should be that you never need to do sudo npm for anything.

Information technology's pronounced "sue doo" past the mode.

franklinpapined.blogspot.com

Source: https://medium.com/@ExplosionPills/dont-use-sudo-with-npm-5711d2726aa3

Share this post