insightcas.blogg.se - Npm config set prefix

This can really screw things up for you if you try to do npm in the same directory or project later on.

Running sudo npm install (without -g) will create a local directory that can only be altered by the root user.

Due to how npm is set up and the fact that you can alter the registry and it can use DNS, it is possible that you will accidentally install a malicious package in general, install a malicious package masquerading as a perfectly valid package, or install a package with good intentions that may run scripts that are somehow detrimental to your system if run as root.

npm install and others have the ability to run arbitrary scripts.

Sudo npm install (and sudo npm $ANYTHING) is still a bad idea ™ for the at least following reasons: Most of the examples should work on any popular OS with minor modifications.ĭevelopment machines, production machines, or machines from any environment shouldn’t be using sudo npm or sudo yarn (and probably shouldn’t be using sudo at all, but that’s another story). The advice here also applies universally, but the specific examples are tailored to local development on OS X.

I feel that this needs a bit of a rehash since I’ve learned some new techniques for managing Node.js and global modules on my development machine. That is to say, you should never do sudo npm … anything. This is a rehash of an article I wrote in 2015 about how you shouldn’t use the sudo command with npm.