Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

npm sudo global installation & unsafe-perm

Tags:

node.js

npm

npm-install

I am trying to install a npm module with: 

sudo npm install -g now

However, when I try that, I get a warning:

Warning! Please try installing Now CLI again with the --unsafe-perm option.
Example: npm i -g --unsafe-perm now

This unsafe permission worries me, and I want to make it clear whether I need to follow it to fix the warning, or I can ignore it?

The explanation at https://docs.npmjs.com/misc/config#unsafe-perm doesn't really tell much, for me. This commented from sam-github on Mar 30, 2016 explains much more clearly about the implication.

However, even after reading the two several times, I'm still unclear what --unsafe-perm is doing, and what's the implication. So,

  • Default: false if running as root
  • Set to true to suppress the UID/GID switching when running package scripts.

Is the above two "running" telling about the same thing or different things? If it the same thing, then is it the install time or run time?

All I want is to be able to

  • install it
  • and let anyone in my system able to use it, with the least security risk

so what should I do?

like image 433
xpt Avatar asked Mar 03 '18 13:03

xpt

People also ask

How do I install npm globally?

Install Package Globally NPM installs global packages into /<User>/local/lib/node_modules folder. Apply -g in the install command to install package globally.

Can you sudo npm install?

Using "sudo" when installing NPM packages may put your computer at risk, by giving untrusted code administrative privileges. Please do not use "sudo" when installing NPM packages. This work is licensed under a Creative Commons Attribution 4.0 International License.

Should npm install be run as sudo?

Any global installs will cache packages to /root/. npm instead of root -owned files at /home/me/. npm . Just always use sudo -i or sudo -H when running npm install to install global packages and your npm permissions problems will melt away.

1 Answers

As you rightly read from unsafe-perm

  • Default: false if running as root, true otherwise
  • Type: Boolean

Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false, then installing as a non-root user will fail.

To answer your first question:

All I want is to be able to install it, follow the steps below.

If you’re going to use sudo to install now, you need to specify the --unsafe-perm option to run npm as the root account. And you can as well do that directly from your terminal by running

sudo npm install --unsafe-perm=true -g now

To answer your next question:

All I want is to be able to let anyone in my system able to use it, with the least security risk

I will advice you run your installation of now on root mood so that any user can use it and won't have the permission of uninstalling it by any means without the root permission. So maybe you should disregard the regular practice

like image 116
antzshrek Avatar answered Sep 29 '22 07:09

antzshrek
Sign in to Comment

Related questions

Why does the Node.js event loop require multiple phases?
node.js npm on Android
Starting FOREVER or PM2 as WWW-DATA from a PHP script
Add IOS capability programmatically in Cordova plugin
How to get protobuf.js to output enum strings instead of integers
Not able to connect to grpc from nodejs/python client
Is it normal for Webpack to take over 9GB of memory?
Is it possible to build a full Node.js web application using Kotlin?
Child process not getting killed with Node.JS
Django: JSON Notifications using Redis PubSub, Node.js & Socket.io
How to differentiate between Symfony user roles/groups in socket.io chat
Ternjs for nodejs autocomplete
Express 3 error middleware not being called
Dump the whole HTTP communication as raw data in nodejs
req.handle.writev is not a function
Does npm cache packages?
Delete object from ImmutableJS List based upon property value
Building webpack for production - minified dependencies
Node process object made available to browser client code
Try... Catch in async await not catching error [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!