npm command - sudo or not?

macos npm sudo

12,261

Solution 1

It's possible (and advisable) to npm install -g node modules without sudo.

Check the permission of your /usr/local/share/npm/bin folder. I had installed node and npm through brew (without sudo) and that particular folder ended up being owned by root.

This fixed it for once and for all:

$ sudo chown $(whoami) /usr/local/share/npm/bin

(As for disallowing sudo with npm: you'd have to tweak npm for that. Your own node code could make use of https://npmjs.org/package/sudo-block, npm install sudo-block)

EDIT: even though this works, I no longer use -g. Instead use prefix (see next answer), or better yet use NIX https://unix.stackexchange.com/a/381797 (even on OSX)

Solution 2

In my opinion is the cleanest way to specify the npm prefix:

npm config set prefix ~/.node_modules

And then to add the following to you .bash_profile

export PATH=$HOME/.node_modules/bin:$PATH

Now the packages will install into your user directory and no permissions will be harmend.

EDIT: If you can't install yeoman, create a bash file in one of your PATH directories named yodoctor with the following contents

#!/bin/bash
yo doctor

Make the file executable with

chmod +x yodoctor

And now you should be able to install yeoman.

Solution 3

You can also do:

sudo chown -R $USER /usr/local

and recursively change the files to your current user.

Solution 4

I have found this to be a better solution

sudo chown -R $USER /Users/$USER

This will just change the owner of your user to you and npm should be installed under your user on OS X. Everything that I have been reading says sudo for npm installs is bad and I would have to agree with them as you open yourself up to malicious scripts.

View more solutions

12,261

Kosmetika

#SOreadytohelp

Updated on June 04, 2022

Comments

Kosmetika almost 2 years
Currently I always run sudo npm install <package-name> but as I understand it's not correct.

I want to have opportunity not to use it as root/Administrator. I followed some advice and used this command sudo chown -R <username> ~/.npm but it won't work...

for example, it's an output of my npm install jade
```
...
npm http 200 https://registry.npmjs.org/amdefine
npm http GET https://registry.npmjs.org/amdefine/-/amdefine-0.0.5.tgz
npm http 200 https://registry.npmjs.org/amdefine/-/amdefine-0.0.5.tgz
npm ERR! Error: EACCES, symlink '../jade/bin/jade'
npm ERR!  { [Error: EACCES, symlink '../jade/bin/jade'] errno: 3, code: 'EACCES', path: '../jade/bin/jade' }
npm ERR! 
npm ERR! Please try running this command again as root/Administrator.
```
as you see download started successfully but then failed..

I'm wondering what is the best way to disallow sudo on npm?
Yiling almost 9 years

See npm's recommended options to fix npm permission problem: https://docs.npmjs.com/getting-started/fixing-npm-permission‌s. This answer (from @febLey) is aligned with NPM's recommendations.
harvyS over 5 years

-1 to answer, see LFH: /usr is shareable, read-only data. That means that /usr should be shareable between various FHS-compliant hosts and must not be written to. Any information that is host-specific or varies with time is stored elsewhere. Large software packages must not use a direct subdirectory under the /usr hierarchy.