npm sudo global installation & unsafe-perm - node.js

I am trying to install a npm module with:
sudo npm install -g now
However, when I try that, I get a warning:
Warning! Please try installing Now CLI again with the --unsafe-perm option.
Example: npm i -g --unsafe-perm now
This unsafe permission worries me, and I want to make it clear whether I need to follow it to fix the warning, or I can ignore it?
The explanation at https://docs.npmjs.com/misc/config#unsafe-perm doesn't really tell much, for me. This comment from sam-github on Mar 30, 2016 explains the implication much more clearly.
However, even after reading the two several times, I'm still unclear what --unsafe-perm is doing, and what's the implication. So,
Default: false if running as root
Set to true to suppress the UID/GID switching when running package scripts.
Are the above two "running" talking about the same thing or different things? If it is the same thing, then is it the install time or run time?
All I want is to be able to
install it
and let anyone in my system able to use it, with the least security risk
so what should I do?

As you rightly read from unsafe-perm
Default: false if running as root, true otherwise
Type: Boolean
Set to true to suppress the UID/GID switching when running package scripts. If set explicitly to false, then installing as a non-root user will fail.
To answer your first question:
All I want is to be able to install it, follow the steps below.
If you’re going to use sudo to install now, you need to specify the --unsafe-perm option to run npm as the root account. And you can as well do that directly from your terminal by running
sudo npm install --unsafe-perm=true -g now
To answer your next question:
All I want is to be able to let anyone in my system able to use it, with the least security risk
I would advise you to run your installation of now in root mode so that any user can use it and won't have permission to uninstall it by any means without root permission. So maybe you should disregard the regular practice.

Related

Npm & Node installation

So I've been trying to download and install node.js and npm, which should allow me to run expo on my computer. More specifically, the cmd "npm install expo-cli --global". When I run it I get the error(s) below. Now, I'm a novice in terminal and navigation of the computer in general, so I'm having trouble understanding the errors, or what the solution might be. Any help is appreciated.
To install a package globally you have to install with root permissions (similar to "Run As Administrator" on Windows). You can run:
sudo npm install expo-cli --global
And enter your password at the prompt (keep in mind that even though it won't show up, it's still there).
An alternative solution (if you're not administrator or don't want to use sudo) is giving npm a prefix and adding that to your path. There's a nice guide for that on GitHub: https://github.com/sindresorhus/guides/blob/master/npm-global-without-sudo.md

Failing to install Alexa ASK-CLI "request deprecated"

I took a screenshot of the error message(s) I'm getting when trying to install the Alexa ask-cli.
I typed in the command in the terminal exactly as it says in the guide.
I also have a current version of node.js which is required.
First of all, “request deprecated” is not what causes the installation to fail. You get the warning because ask-sdk is using it. You can find more here.
The problem is, the terminal you used did not have necessary permissions to access the /node_modules folder.
If you follow the instructions, are you sure that you ran the terminal with Run as Administrator option (in Windows) or sudo (in Unix)?
or you can try this:
sudo npm install -g --unsafe-perm=true --allow-root
then it should work perfectly

Run npm as superuser, it isn't a good idea?

I'm getting errors with npm while trying to install/update packages without SU permissions on Linux.
The easy way to solve the problem is to execute sudo npm install <package>, but I'm not sure if it is a good idea.
The best way is to become the owner of the .npm folder, as I found in StackOverflow questions and blog posts.
My question is: why isn't running npm as SU a good idea?
Running npm as a super user has a risk of running some untrusted code as a super user which can potentially mess with your entire system. Running npm as an unprivileged user has a risk of running that code with less privileges and it won't be able to mess with the entire system - just with your own files (which can be equally bad, depending on how you look at it).
What I often do and recommend is to install Node in your home directory instead of globally on the system if it's your own computer. That way you don't have to run with sudo or su for npm or even for make install of Node itself.
I run a lot of versions of Node that I compile from sources sometimes with different switches and the convention that I use is to install Node in versioned directories, either globally in /opt (but then you need sudo) or locally in my home directory in ~/opt.
I do it like this:
wget https://nodejs.org/dist/v7.1.0/node-v7.1.0.tar.gz
tar xzvf node-v7.1.0.tar.gz
cd node-v7.1.0
./configure --prefix=$HOME/opt/node-v7.1.0
make && make test && make install
Then I create a symlink ~/opt/node pointing to ~/opt/node-v7.1.0 and I have:
PATH="$HOME/opt/node/bin:$PATH"
in my .profile or .bashrc.
That way I don't have to run as super user for installing Node or for running npm.
As a bonus I can quickly switch my default Node version just by changing the symlink, and at any time I can run any other version if I change the PATH or run Node with a full path like ~/opt/node-v7.0.0/bin/node.
I explained that installation process in more detail in my other answers:
node 5.5.0 already installed but node -v fetches with “v4.2.1” on OS X & homebrew?
NodeJS API with external deps in other language
I don't want to go into too much detail here since this answer is about why running npm as a superuser is not a good idea - this installation process is just one solution to not have to run npm as a superuser.
Other options of setting your npm permissions to avoid running as a superuser are described in Fixing npm permissions in npm docs (thanks to RyanZim for pointing it out in the comments).

Install copay via npm returns: cannot run in wd %s %s (wd=%s)

I'm executing an npm install as sudo to install copay bitcopay but for some reason, I get this error.
$ sudo npm install
Password:
npm WARN lifecycle copay#2.7.0~preinstall: cannot run in wd %s %s (wd=%s) copay#2.7.0 bower install /Users/Jarvis/Documents/Projects/copay
npm WARN lifecycle copay#2.7.0~postinstall: cannot run in wd %s %s (wd=%s) copay#2.7.0 npm run build /Users/Jarvis/Documents/Projects/copay
copay#2.7.0 /Users/Jarvis/Documents/Projects/copay
I didn't find a good way to solve it. Someone has an idea to fix it?
As I recently discovered, this explanation hits it on the head.
As Manu says:
On digging a bit deep, I found that NPM tries to downgrade its
privileges when it runs scripts. That downgrading the privileges
causes this error.
I was running into a similar problem trying to run in a docker container as root. The "npm install --unsafe-perm" solution worked for me.
jfroma from Hacker News says "don't do this". While they explain the situation, they don't provide an explanation for why it's unsafe and refer you to the npm config page; however, that page only explains that it's a true/false configuration around whether privileges are de-escalated during the install.
Actually, if you look at the broader conversation that jfroma's comment is in you could infer the danger is that an npm package could easily have "rm -fr /" in it. If you run npm as root with --unsafe-perm to install that package, you're going to be sad.
Since I'm running this install in a docker container for a build that I'm re-creating every time from source, it's probably safe enough. I can always go back to the repo to get my stuff back.
If you're trying to install something on your workstation, perhaps adjusting the permissions of your installation would work better?
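An added example, not code from any of the answers on this page: the first thread asks whether "running" means install time or run time, and this thread points out that a package's scripts execute as root under sudo with --unsafe-perm. The sketch below lists the install-time hooks a package.json declares and the identity they would run with, using only the documented default quoted above; the function names and the sample manifest (modelled on the copay log lines) are constructed for illustration.

```javascript
// Hooks npm runs while installing a package (install time, not when the
// installed CLI is used later).
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Effective unsafe-perm, per the documentation quoted on this page:
// "false if running as root, true otherwise", unless set explicitly.
function effectiveUnsafePerm(uid, explicit) {
  return explicit === undefined ? uid !== 0 : explicit;
}

// Identity the package scripts get. With unsafe-perm true the UID/GID switch
// is suppressed, so scripts keep the identity of whoever invoked npm.
function scriptIdentity(uid, explicit) {
  if (effectiveUnsafePerm(uid, explicit)) {
    return uid === 0 ? "root" : "invoking user";
  }
  // unsafe-perm false: root is switched to another account; per the docs,
  // a non-root install with an explicit false fails.
  return uid === 0 ? "de-privileged user" : "install fails";
}

// List the install hooks a manifest declares and flag those that need a
// read-through before installing because they would run as root.
function auditInstall(pkg, uid, explicit) {
  const runAs = scriptIdentity(uid, explicit);
  const scripts = pkg.scripts || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({
      hook,
      command: scripts[hook],
      runAs,
      reviewFirst: runAs === "root",
    }));
}

// Constructed sample manifest; the two hook commands match the log above.
const samplePkg = {
  name: "copay",
  version: "2.7.0",
  scripts: { preinstall: "bower install", postinstall: "npm run build", test: "echo ok" },
};

// Equivalent of `sudo npm install --unsafe-perm`: uid 0, explicit true.
for (const row of auditInstall(samplePkg, 0, true)) {
  console.log(`${row.hook}: "${row.command}" runs as ${row.runAs}`);
}
```

This looks only at the top-level manifest; hooks declared by dependencies run during the same install with the same identity, and `npm install --ignore-scripts` skips them all.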

Permissions Denied in Terminal

So I am a little new to working in the terminal and trying to set up yo and a localhost environment. No matter what I do it keeps throwing a permissions denied error. I have installed node and npm already and when I run the yo install
npm install -g yo bower grunt-cli gulp I get this error message. My buddy and I have tried so many different things to fix this but we can't get anywhere. I can access and run using sudo but I need to actually have the permissions to get this working. Help please?
I am sorry if that is not detailed enough, I am new to working in the terminal and may not know entirely what I am doing. If all else fails I was going to reset my desktop to factory settings and start over with setting my users and groups.
Screenshot of errors Here
sudo chown -R `whoami` /usr/local
or
npm install npm -g
...will do the trick.
You're not the first one to experience those problems and they are (finally) actively addressed in npm#3.X.X
