I'm getting errors with npm while trying to install/update packages without SU permissions on Linux.
The easy way to solve the problem is to execute sudo npm install <package>, but I'm not sure if it is a good idea.
The best way is to become the owner of the .npm folder, as I found in StackOverflow questions and blog posts.
My question is: why isn't it a good idea to run npm as SU?
Running npm as a super user has a risk of running some untrusted code as a super user which can potentially mess with your entire system. Running npm as an unprivileged user has a risk of running that code with fewer privileges and it won't be able to mess with the entire system - just with your own files (which can be equally bad, depending on how you look at it).
What I often do and recommend is to install Node in your home directory instead of globally on the system if it's your own computer. That way you don't have to run with sudo or su for npm or even for make install of Node itself.
I run a lot of versions of Node that I compile from sources, sometimes with different switches, and the convention that I use is to install Node in versioned directories, either globally in /opt (but then you need sudo) or locally in my home directory in ~/opt.
I do it like this:
Then I create a symlink ~/opt/node pointing to ~/opt/node-v7.1.0 and I have:
in my .profile or .bashrc.
That way I don't have to run as super user for installing Node or for running npm.
As a bonus I can quickly switch my default Node version just by changing the symlink, and at any time I can run any other version if I change the PATH or run Node with a full path like ~/opt/node-v7.0.0/bin/node.
I explained that installation process in more detail in my other answers:
I don't want to go into too much detail here since this answer is about why running npm as a superuser is not a good idea - this installation process is just one solution to not have to run npm as a superuser.
Other options of setting your npm permissions to avoid running as a superuser are described in Fixing npm permissions in npm docs (thanks to RyanZim for pointing it out in the comments).
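The layout this answer describes (versioned directories under ~/opt, a ~/opt/node symlink, and a PATH entry) as an added shell example; it is not the answerer's own commands, which are not reproduced on this page. NODE_ROOT, the function names, the PATH line and the stub installs are assumptions of this example.

```shell
# Added example: per-user Node layout (~/opt/node-vX.Y.Z plus a ~/opt/node symlink).
# NODE_ROOT and every function name here are assumptions of this example.
NODE_ROOT="${NODE_ROOT:-$HOME/opt}"

# True when the path exists and belongs to the invoking user, i.e. npm can
# write there without sudo.
owned_by_me() {
    [ -e "$1" ] && [ -O "$1" ]
}

# Repoint $NODE_ROOT/node at an installed version, e.g. switch_node v7.1.0.
# Refuses versions that are missing or not owned by the invoking user.
switch_node() {
    target="$NODE_ROOT/node-$1"
    [ -x "$target/bin/node" ] || { echo "not installed: $target" >&2; return 1; }
    owned_by_me "$target" || { echo "not yours, would need sudo: $target" >&2; return 2; }
    # Relative link target, so the whole tree can be moved without breaking it.
    ln -sfn "node-$1" "$NODE_ROOT/node"
}

# Print the version directory the symlink currently selects.
current_node() {
    readlink "$NODE_ROOT/node"
}

# Print the line to put in .profile or .bashrc so the symlinked bin comes first.
path_line() {
    printf 'PATH="%s/node/bin:$PATH"\n' "$NODE_ROOT"
}

# Constructed stand-in for a compiled Node tree, used only to try the functions.
make_stub_version() {
    mkdir -p "$NODE_ROOT/node-$1/bin"
    printf '#!/bin/sh\necho %s\n' "$1" > "$NODE_ROOT/node-$1/bin/node"
    chmod +x "$NODE_ROOT/node-$1/bin/node"
}
```

Because every path involved is owned by the invoking user, neither switching versions nor a later npm install -g into the selected tree needs sudo.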