T
hanks in advance for any help I can get.
I am trying to install packages like grunt, bower, and yeoman using nodejs and the NPM in my mac OSX 10.8's terminal.
I check node and NPM's versions to confirm they are installed correctly and have found that to be true.
However when I begin to run a command to install a package like bower, using the following:
npm install -g bower
I get various amounts of errors coming up. I am trying to avoid using the sudo command. I tried using sudo, but afterwards I would get a response "command not found." I have a feeling the packages may not be in the correct folders or directories but I am unclear on what to do next.
For your reference these are the errors I get:
npm ERR! Error: EACCES, unlink '/Users/myname/.node/lib/node_modules/bower/.editorconfig'
npm ERR! { [Error: EACCES, unlink '/Users/myname/.node/lib/node_modules/bower/.editorconfig']
npm ERR! errno: 3,
npm ERR! code: 'EACCES',
npm ERR! path: '/Users/myname/.node/lib/node_modules/bower/.editorconfig' }
npm ERR!
npm ERR! Please try running this command again as root/Administrator.
npm ERR! System Darwin 12.5.0
npm ERR! command "node" "/usr/local/bin/npm" "install" "-g" "bower"
npm ERR! cwd /Users/myname
npm ERR! node -v v0.10.32
npm ERR! npm -v 1.4.28
npm ERR! path /Users/myname/.node/lib/node_modules/bower/.editorconfig
npm ERR! code EACCES
npm ERR! errno 3
npm ERR! stack Error: EACCES, unlink '/Users/myname/.node/lib/node_modules/bower/.editorconfig'
npm ERR! error rolling back Error: EACCES, unlink '/Users/myname/.node/lib/node_modules/bower /.editorconfig'
npm ERR! error rolling back { [Error: EACCES, unlink '/Users/myname/.node/lib/node_modules/bower/.editorconfig']
npm ERR! error rolling back errno: 3,
npm ERR! error rolling back code: 'EACCES',
npm ERR! error rolling back path: '/Users/myname/.node/lib/node_modules/bower/.editorconfig' }
npm ERR! not ok code 0
For privacy, I replaced my own name with the proxy myname in the paths. Moreover, this problem persists when I try installing grunt, and yeoman.
Upon further inspection, I noticed I have two folders. One named 'users' and one name 'usr.' Within 'users', I see a folder called node_modules. However, within 'usr/local/lib/node_modules/npm/node_modules' I noticed there is no bower, grunt, or yeoman files. This is just speculation, but are the files not properly installing into the necessary folders for them to be run in npm?
Any help or input would be extremely appreciated!
UPDATE 10/10/14
For people's reference, I have tried the sudo command to see if it would work, and it displays the following:
/Users/myname/.node/bin/bower -> /Users/myname/.node/lib/node_modules/bower/bin/bower
bower#1.3.12 /Users/myname/.node/lib/node_modules/bower
├── is-root#1.0.0
├── junk#1.0.0
├── stringify-object#1.0.0
├── abbrev#1.0.5
├── chmodr#0.1.0
├── which#1.0.5
├── osenv#0.1.0
├── opn#1.0.0
├── archy#0.0.2
├── rimraf#2.2.8
├── graceful-fs#3.0.3
├── bower-logger#0.2.2
├── lru-cache#2.5.0
├── bower-endpoint-parser#0.2.2
├── lockfile#1.0.0
├── nopt#3.0.1
├── retry#0.6.0
├── tmp#0.0.23
├── q#1.0.1
├── semver#2.3.2
├── p-throttler#0.1.0 (q#0.9.7)
├── request-progress#0.3.0 (throttleit#0.0.2)
├── bower-json#0.4.0 (intersect#0.0.3, deep-extend#0.2.11, graceful-fs#2.0.3)
├── fstream#1.0.2 (inherits#2.0.1)
├── shell-quote#1.4.2 (array-filter#0.0.1, array-reduce#0.0.0, array-map#0.0.0, jsonify#0.0.0)
├── mkdirp#0.5.0 (minimist#0.0.8)
├── promptly#0.2.0 (read#1.0.5)
├── fstream-ignore#1.0.1 (inherits#2.0.1, minimatch#1.0.0)
├── chalk#0.5.0 (escape-string-regexp#1.0.2, ansi-styles#1.1.0, supports-color#0.2.0, strip- ansi#0.3.0, has-ansi#0.1.0)
├── bower-config#0.5.2 (osenv#0.0.3, graceful-fs#2.0.3, optimist#0.6.1)
├── glob#4.0.6 (inherits#2.0.1, minimatch#1.0.0, once#1.3.1)
├── tar-fs#0.5.2 (pump#0.3.5, tar-stream#0.4.7)
├── decompress-zip#0.0.8 (nopt#2.2.1, mkpath#0.1.0, touch#0.0.2, readable-stream#1.1.13, binary#0.3.0)
├── request#2.42.0 (caseless#0.6.0, json-stringify-safe#5.0.0, aws-sign2#0.5.0, forever-agent#0.5.2, stringstream#0.0.4, oauth-sign#0.4.0, tunnel-agent#0.4.0, node-uuid#1.4.1, qs#1.2.2, mime-types#1.0.2, bl#0.9.3, form-data#0.1.4, tough-cookie#0.12.1, http-signature#0.10.0, hawk#1.1.1)
├── mout#0.9.1
├── cardinal#0.4.0 (redeyed#0.4.4)
├── bower-registry-client#0.2.1 (graceful-fs#2.0.3, request-replay#0.2.0, lru-cache#2.3.1, async#0.2.10, mkdirp#0.3.5, request#2.27.0)
├── update-notifier#0.2.0 (semver-diff#0.1.0, string-length#0.1.2, latest-version#0.2.0, configstore#0.3.1)
├── inquirer#0.7.1 (figures#1.3.3, mute-stream#0.0.4, through#2.3.6, readline2#0.1.0, lodash#2.4.1, rx#2.3.12, cli-color#0.3.2)
├── handlebars#2.0.0 (optimist#0.3.7, uglify-js#2.3.6)
└── insight#0.4.3 (object-assign#1.0.0, async#0.9.0, chalk#0.5.1, os-name#1.0.1, lodash.debounce#2.4.1, tough-cookie#0.12.1, configstore#0.3.1, inquirer#0.6.0)
================================
However, the above is not a proper solution. When I try running a check to see if bower is installed like by typing bower -v or bower --version or any other bower command, I get "command not found." What is going on?
UPDATE 10/11/14
So nothing I have tried so far has given me the ability to run the command 'npm install -g bower.'
Out of curiosity, as I have mentioned before, I have ran the 'sudo npm install -g bower command' which appeared to install bower. However, typing any bower commands still yields 'command not found.' Upon trying sudo bower commands leads to 'command not found' as well. What I do not understand though is that when I run the command 'npm ls' to look at what the NPM has installed, I interestingly have a list of the following installed packages. You do not need to read the list as it is long, but take note of how the first item appears to be bower. If this is true, and it means that bower was in fact installed by npm, why therefore, are bower commands not working?
/Users/myname.
├─┬ bower#1.3.12
│ ├── abbrev#1.0.5
│ ├── archy#0.0.2
│ ├─┬ bower-config#0.5.2
│ │ ├── graceful-fs#2.0.3
│ │ ├─┬ optimist#0.6.1
│ │ │ ├── minimist#0.0.10
│ │ │ └── wordwrap#0.0.2
│ │ └── osenv#0.0.3
│ ├── bower-endpoint-parser#0.2.2
│ ├─┬ bower-json#0.4.0
│ │ ├── deep-extend#0.2.11
│ │ ├── graceful-fs#2.0.3
│ │ └── intersect#0.0.3
│ ├── bower-logger#0.2.2
│ ├─┬ bower-registry-client#0.2.1
│ │ ├── async#0.2.10
│ │ ├── graceful-fs#2.0.3
│ │ ├── lru-cache#2.3.1
│ │ ├── mkdirp#0.3.5
│ │ ├─┬ request#2.27.0
│ │ │ ├── aws-sign#0.3.0
│ │ │ ├── cookie-jar#0.3.0
│ │ │ ├── forever-agent#0.5.2
│ │ │ ├─┬ form-data#0.1.4
│ │ │ │ ├── async#0.9.0
│ │ │ │ └─┬ combined-stream#0.0.5
│ │ │ │ └── delayed-stream#0.0.5
│ │ │ ├─┬ hawk#1.0.0
│ │ │ │ ├── boom#0.4.2
│ │ │ │ ├── cryptiles#0.2.2
│ │ │ │ ├── hoek#0.9.1
│ │ │ │ └── sntp#0.2.4
│ │ │ ├─┬ http-signature#0.10.0
│ │ │ │ ├── asn1#0.1.11
│ │ │ │ ├── assert-plus#0.1.2
│ │ │ │ └── ctype#0.5.2
│ │ │ ├── json-stringify-safe#5.0.0
│ │ │ ├── mime#1.2.11
│ │ │ ├── node-uuid#1.4.1
│ │ │ ├── oauth-sign#0.3.0
│ │ │ ├── qs#0.6.6
│ │ │ └── tunnel-agent#0.3.0
│ │ └── request-replay#0.2.0
│ ├─┬ cardinal#0.4.0
│ │ └─┬ redeyed#0.4.4
│ │ └── esprima#1.0.4
│ ├─┬ chalk#0.5.0
│ │ ├── ansi-styles#1.1.0
│ │ ├── escape-string-regexp#1.0.2
│ │ ├─┬ has-ansi#0.1.0
│ │ │ └── ansi-regex#0.2.1
│ │ ├─┬ strip-ansi#0.3.0
│ │ │ └── ansi-regex#0.2.1
│ │ └── supports-color#0.2.0
│ ├── chmodr#0.1.0
│ ├─┬ decompress-zip#0.0.8
│ │ ├─┬ binary#0.3.0
│ │ │ ├── buffers#0.1.1
│ │ │ └─┬ chainsaw#0.1.0
│ │ │ └── traverse#0.3.9
│ │ ├── mkpath#0.1.0
│ │ ├── nopt#2.2.1
│ │ ├─┬ readable-stream#1.1.13
│ │ │ ├── core-util-is#1.0.1
│ │ │ ├── inherits#2.0.1
│ │ │ ├── isarray#0.0.1
│ │ │ └── string_decoder#0.10.31
│ │ └─┬ touch#0.0.2
│ │ └── nopt#1.0.10
│ ├─┬ fstream#1.0.2
│ │ └── inherits#2.0.1
│ ├─┬ fstream-ignore#1.0.1
│ │ ├── inherits#2.0.1
│ │ └─┬ minimatch#1.0.0
│ │ └── sigmund#1.0.0
│ ├─┬ glob#4.0.6
│ │ ├── inherits#2.0.1
│ │ ├─┬ minimatch#1.0.0
│ │ │ └── sigmund#1.0.0
│ │ └─┬ once#1.3.1
│ │ └── wrappy#1.0.1
│ ├── graceful-fs#3.0.3
│ ├─┬ handlebars#2.0.0
│ │ ├─┬ optimist#0.3.7
│ │ │ └── wordwrap#0.0.2
│ │ └─┬ uglify-js#2.3.6
│ │ ├── async#0.2.10
│ │ └─┬ source-map#0.1.40
│ │ └── amdefine#0.1.0
│ ├─┬ inquirer#0.7.1
│ │ ├─┬ cli-color#0.3.2
│ │ │ ├── d#0.1.1
│ │ │ ├─┬ es5-ext#0.10.4
│ │ │ │ ├── es6-iterator#0.1.1
│ │ │ │ └── es6-symbol#0.1.1
│ │ │ ├─┬ memoizee#0.3.8
│ │ │ │ ├─┬ es6-weak-map#0.1.2
│ │ │ │ │ ├── es6-iterator#0.1.1
│ │ │ │ │ └── es6-symbol#0.1.1
│ │ │ │ ├── event-emitter#0.3.1
│ │ │ │ ├── lru-queue#0.1.0
│ │ │ │ └── next-tick#0.2.2
│ │ │ └─┬ timers-ext#0.1.0
│ │ │ └── next-tick#0.2.2
│ │ ├── figures#1.3.3
│ │ ├── lodash#2.4.1
│ │ ├── mute-stream#0.0.4
│ │ ├─┬ readline2#0.1.0
│ │ │ └─┬ chalk#0.4.0
│ │ │ ├── ansi-styles#1.0.0
│ │ │ ├── has-color#0.1.7
│ │ │ └── strip-ansi#0.1.1
│ │ ├── rx#2.3.12
│ │ └── through#2.3.6
│ ├─┬ insight#0.4.3
│ │ ├── async#0.9.0
│ │ ├─┬ chalk#0.5.1
│ │ │ ├── ansi-styles#1.1.0
│ │ │ ├── escape-string-regexp#1.0.2
│ │ │ ├─┬ has-ansi#0.1.0
│ │ │ │ └── ansi-regex#0.2.1
│ │ │ ├─┬ strip-ansi#0.3.0
│ │ │ │ └── ansi-regex#0.2.1
│ │ │ └── supports-color#0.2.0
│ │ ├─┬ configstore#0.3.1
│ │ │ ├─┬ js-yaml#3.0.2
│ │ │ │ ├─┬ argparse#0.1.15
│ │ │ │ │ ├── underscore#1.4.4
│ │ │ │ │ └── underscore.string#2.3.3
│ │ │ │ └── esprima#1.0.4
│ │ │ ├── object-assign#0.3.1
│ │ │ └── uuid#1.4.2
│ │ ├─┬ inquirer#0.6.0
│ │ │ ├─┬ cli-color#0.3.2
│ │ │ │ ├── d#0.1.1
│ │ │ │ ├─┬ es5-ext#0.10.4
│ │ │ │ │ ├── es6-iterator#0.1.1
│ │ │ │ │ └── es6-symbol#0.1.1
│ │ │ │ ├─┬ memoizee#0.3.8
│ │ │ │ │ ├─┬ es6-weak-map#0.1.2
│ │ │ │ │ │ ├── es6-iterator#0.1.1
│ │ │ │ │ │ └── es6-symbol#0.1.1
│ │ │ │ │ ├── event-emitter#0.3.1
│ │ │ │ │ ├── lru-queue#0.1.0
│ │ │ │ │ └── next-tick#0.2.2
│ │ │ │ └─┬ timers-ext#0.1.0
│ │ │ │ └── next-tick#0.2.2
│ │ │ ├── lodash#2.4.1
│ │ │ ├── mute-stream#0.0.4
│ │ │ ├─┬ readline2#0.1.0
│ │ │ │ └─┬ chalk#0.4.0
│ │ │ │ ├── ansi-styles#1.0.0
│ │ │ │ ├── has-color#0.1.7
│ │ │ │ └── strip-ansi#0.1.1
│ │ │ ├── rx#2.3.12
│ │ │ └── through#2.3.6
│ │ ├─┬ lodash.debounce#2.4.1
│ │ │ ├── lodash.isfunction#2.4.1
│ │ │ ├─┬ lodash.isobject#2.4.1
│ │ │ │ └── lodash._objecttypes#2.4.1
│ │ │ └─┬ lodash.now#2.4.1
│ │ │ └── lodash._isnative#2.4.1
│ │ ├── object-assign#1.0.0
│ │ ├─┬ os-name#1.0.1
│ │ │ ├── minimist#1.1.0
│ │ │ └── osx-release#1.0.0
│ │ └─┬ tough-cookie#0.12.1
│ │ └── punycode#1.3.1
│ ├── is-root#1.0.0
│ ├── junk#1.0.0
│ ├── lockfile#1.0.0
│ ├── lru-cache#2.5.0
│ ├─┬ mkdirp#0.5.0
│ │ └── minimist#0.0.8
│ ├── mout#0.9.1
│ ├── nopt#3.0.1
│ ├── opn#1.0.0
│ ├── osenv#0.1.0
│ ├─┬ p-throttler#0.1.0
│ │ └── q#0.9.7
│ ├─┬ promptly#0.2.0
│ │ └─┬ read#1.0.5
│ │ └── mute-stream#0.0.4
│ ├── q#1.0.1
│ ├─┬ request#2.42.0
│ │ ├── aws-sign2#0.5.0
│ │ ├─┬ bl#0.9.3
│ │ │ └─┬ readable-stream#1.0.33-1
│ │ │ ├── core-util-is#1.0.1
│ │ │ ├── inherits#2.0.1
│ │ │ ├── isarray#0.0.1
│ │ │ └── string_decoder#0.10.31
│ │ ├── caseless#0.6.0
│ │ ├── forever-agent#0.5.2
│ │ ├─┬ form-data#0.1.4
│ │ │ ├── async#0.9.0
│ │ │ ├─┬ combined-stream#0.0.5
│ │ │ │ └── delayed-stream#0.0.5
│ │ │ └── mime#1.2.11
│ │ ├─┬ hawk#1.1.1
│ │ │ ├── boom#0.4.2
│ │ │ ├── cryptiles#0.2.2
│ │ │ ├── hoek#0.9.1
│ │ │ └── sntp#0.2.4
│ │ ├─┬ http-signature#0.10.0
│ │ │ ├── asn1#0.1.11
│ │ │ ├── assert-plus#0.1.2
│ │ │ └── ctype#0.5.2
│ │ ├── json-stringify-safe#5.0.0
│ │ ├── mime-types#1.0.2
│ │ ├── node-uuid#1.4.1
│ │ ├── oauth-sign#0.4.0
│ │ ├── qs#1.2.2
│ │ ├── stringstream#0.0.4
│ │ ├─┬ tough-cookie#0.12.1
│ │ │ └── punycode#1.3.1
│ │ └── tunnel-agent#0.4.0
│ ├─┬ request-progress#0.3.0
│ │ └── throttleit#0.0.2
│ ├── retry#0.6.0
│ ├── rimraf#2.2.8
│ ├── semver#2.3.2
│ ├─┬ shell-quote#1.4.2
│ │ ├── array-filter#0.0.1
│ │ ├── array-map#0.0.0
│ │ ├── array-reduce#0.0.0
│ │ └── jsonify#0.0.0
│ ├── stringify-object#1.0.0
│ ├─┬ tar-fs#0.5.2
│ │ ├─┬ pump#0.3.5
│ │ │ ├─┬ end-of-stream#1.0.0
│ │ │ │ └─┬ once#1.3.1
│ │ │ │ └── wrappy#1.0.1
│ │ │ └── once#1.2.0
│ │ └─┬ tar-stream#0.4.7
│ │ ├── bl#0.9.3
│ │ ├─┬ end-of-stream#1.1.0
│ │ │ └─┬ once#1.3.1
│ │ │ └── wrappy#1.0.1
│ │ ├─┬ readable-stream#1.0.33-1
│ │ │ ├── core-util-is#1.0.1
│ │ │ ├── inherits#2.0.1
│ │ │ ├── isarray#0.0.1
│ │ │ └── string_decoder#0.10.31
│ │ └── xtend#4.0.0
│ ├── tmp#0.0.23
│ ├─┬ update-notifier#0.2.0
│ │ ├─┬ configstore#0.3.1
│ │ │ ├─┬ js-yaml#3.0.2
│ │ │ │ ├─┬ argparse#0.1.15
│ │ │ │ │ ├── underscore#1.4.4
│ │ │ │ │ └── underscore.string#2.3.3
│ │ │ │ └── esprima#1.0.4
│ │ │ ├── object-assign#0.3.1
│ │ │ └── uuid#1.4.2
│ │ ├─┬ latest-version#0.2.0
│ │ │ └─┬ package-json#0.2.0
│ │ │ ├─┬ got#0.3.0
│ │ │ │ └── object-assign#0.3.1
│ │ │ └─┬ registry-url#0.1.1
│ │ │ └─┬ npmconf#2.1.1
│ │ │ ├─┬ config-chain#1.1.8
│ │ │ │ └── proto-list#1.2.3
│ │ │ ├── inherits#2.0.1
│ │ │ ├── ini#1.3.0
│ │ │ ├─┬ once#1.3.1
│ │ │ │ └── wrappy#1.0.1
│ │ │ └── uid-number#0.0.5
│ │ ├── semver-diff#0.1.0
│ │ └─┬ string-length#0.1.2
│ │ └─┬ strip-ansi#0.2.2
│ │ └── ansi-regex#0.1.0
│ └── which#1.0.5
├─┬ easyimage#1.0.3
│ └── q#1.0.1
├─┬ grunt#0.4.5
│ ├── async#0.1.22
│ ├── coffee-script#1.3.3
│ ├── colors#0.6.2
│ ├── dateformat#1.0.2-1.2.3
│ ├── eventemitter2#0.4.14
│ ├── exit#0.1.2
│ ├─┬ findup-sync#0.1.3
│ │ ├─┬ glob#3.2.11
│ │ │ ├── inherits#2.0.1
│ │ │ └─┬ minimatch#0.3.0
│ │ │ ├── lru-cache#2.5.0
│ │ │ └── sigmund#1.0.0
│ │ └── lodash#2.4.1
│ ├── getobject#0.1.0
│ ├─┬ glob#3.1.21
│ │ ├── graceful-fs#1.2.3
│ │ └── inherits#1.0.0
│ ├─┬ grunt-legacy-log#0.1.1
│ │ ├── lodash#2.4.1
│ │ └── underscore.string#2.3.3
│ ├── grunt-legacy-util#0.2.0
│ ├── hooker#0.2.3
│ ├── iconv-lite#0.2.11
│ ├─┬ js-yaml#2.0.5
│ │ ├─┬ argparse#0.1.15
│ │ │ ├── underscore#1.4.4
│ │ │ └── underscore.string#2.3.3
│ │ └── esprima#1.0.4
│ ├── lodash#0.9.2
│ ├─┬ minimatch#0.2.14
│ │ ├── lru-cache#2.5.0
│ │ └── sigmund#1.0.0
│ ├─┬ nopt#1.0.10
│ │ └── abbrev#1.0.5
│ ├── rimraf#2.2.8
│ ├── underscore.string#2.2.1
│ └── which#1.0.5
└─┬ grunt-bower-install#1.6.0
├─┬ bower-config#0.5.2
│ ├── graceful-fs#2.0.3
│ ├── mout#0.9.1
│ ├─┬ optimist#0.6.1
│ │ ├── minimist#0.0.10
│ │ └── wordwrap#0.0.2
│ └── osenv#0.0.3
└─┬ wiredep#1.5.0
├─┬ chalk#0.1.1
│ ├── ansi-styles#0.1.2
│ └── has-color#0.1.7
├─┬ glob#3.2.11
│ ├── inherits#2.0.1
│ └─┬ minimatch#0.3.0
│ ├── lru-cache#2.5.0
│ └── sigmund#1.0.0
├── lodash#1.3.1
└─┬ through2#0.4.2
├─┬ readable-stream#1.0.33-1
│ ├── core-util-is#1.0.1
│ ├── inherits#2.0.1
│ ├── isarray#0.0.1
│ └── string_decoder#0.10.31
└─┬ xtend#2.1.2
└── object-keys#0.4.0
This solved the problem for me:
sudo chown -R `whoami` ~/.node/lib/node_modules/bower/
npm install -g bower
bower -v
1.3.12
You shouldn't have to run npm install as sudo.
This worked for me:
I basically gave my user permissions to the directory mentioned right after this -> stack Error: EACCES, unlink..., in your case it would be something like sudo chown -R USERNAME /Users/myname/.
For people who are new to this, don't forget to change USERNAME in the command above with your own, if you don't know your username, simply run whoami to get it.
After that you can install any package without the need to use sudo, npm install -g SomePackage.
Run the global (-g) installs as admin.
> sudo npm install -g bower
You got this error -
npm ERR! Please try running this command again as root/Administrator.
***** UPDATE BELOW *****
Check if it is installed and get the version
> bower -v
You might not be able to see bower now because it installed as admin. Try getting the version number by running
> sudo bower -v
You should see the version number now.
Take ownership of the package with chown
> cd /Users/<username>/.npm
> chown <username> bower*
I personally take ownership of everything in the /Users/ directory. It is your directory and not global.
> chown <username> *
***** UPDATE 2 BELOW *****
It looks like it's a PATH problem now. Do you see the npm directory in the PATH when you type
> echo $PATH
I use MacPorts so npm and node install in the /opt/local/bin and /opt/local/sbin directories. I did a quick check on the net and it looks like you need to have the following /usr/local/bin if you installed the package from the node site.
Check out this article about installing node (particularly the part about the PATH.
That link also references this article on how to modify your PATH.
Hope that helps.
I was having similar issues when trying to install bower through NPM.
I am not an expert on this but was sure it was connected to $PATH and found 2 articles which in combination fixed this for me perfectly.
The first is this gist by Dan Haerbert: https://gist.github.com/DanHerbert/9520689
Dan says
"If you're a Mac Homebrew user and you installed node via Homebrew,
there is a major philosophical issue with the way Homebrew and NPM
work together. If you install node with Homebrew and then try to do
npm update npm -g, you will see an error like this:"
The error he shows is very similar to your original error.
His solution is to re-install node but to make sure that NPM is not installed via homebrew since, as he says:
npm is its own package manager and it is therefore
better to have npm manage itself and its packages instead of letting
Homebrew do it. Also, using the Homebrew version of npm requires sudo
to install global packages. That's also a very bad idea.
He says to uninstall node and then re-install it with the following commands:
brew install node --without-npm
echo prefix=~/.node >> ~/.npmrc
curl -L https://www.npmjs.org/install.sh | sh
And then to finish up with
export PATH="$HOME/.node/bin:$PATH"
This worked for me and fixed all my issues. I was able to run 'npm install -g bower' without getting the error message.
Finally, before I did the steps above, I wanted to make sure that I had fully uninstalled node & npm. To do that, I followed the following steps from stackoverflow question 11177954, specifically from the answer by Dominic Tancredi, who says:
To recap, the best way (I've found) to completely uninstall node + npm
is to do the following:
go to /usr/local/lib and delete any node and node_modules
go to /usr/local/include and delete any node and node_modules directory
if you installed with brew install node, then run brew uninstall node in
your terminal
check your Home directory for any local or lib or include folders, and delete any node or node_modules from there
go to /usr/local/bin and delete any node executable You may need to do the
additional instructions as well:
sudo rm /usr/local/bin/npm
sudo rm /usr/local/share/man/man1/node.1
sudo rm /usr/local/lib/dtrace/node.d
sudo rm -rf ~/.npm
sudo rm -rf ~/.node-gyp
sudo rm /opt/local/bin/node
sudo rm /opt/local/include/node
sudo rm -rf /opt/local/lib/node_modules
I hope that is of help to someone :-)
I had a similar issue with my mac. I did the followings to solve the problem.
open 'Disk Utility' application
select your hard drive.
run verify disk permissions
run repair disk permissions
you need to chmod and change the file permission for all the files inside /Users//.config/configstore/
should work fine after that. Mac users may have to switch to root using su which they have to enable from system preferences before running chmod command.
Related
I try install my project in prod:
$ cat package.json
{
"name": "socket-server",
"version": "1.0.0",
"description": "real time server",
"main": "package",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"express": "^4.13.3",
"socket.io": "^2.1.1",
"uglify": "^0.1.5"
}
}
with cmd : sudo npm install but there is error :
$sudo npm audit
=== npm audit security report ===
# Run npm install socket.io#2.1.1 to resolve 9 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > engine.io > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > socket.io-adapter > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > socket.io-client > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > socket.io-client > engine.io-client > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > socket.io-adapter > socket.io-parser > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > socket.io-client > socket.io-parser > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > socket.io-parser > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ parsejson │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ socket.io │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ socket.io > socket.io-client > engine.io-client > parsejson │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/528 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > findup-sync > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > findup-sync > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > grunt-legacy-log > grunt-legacy-log-utils > │
│ │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > grunt-legacy-log > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > grunt-legacy-util > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ uglify-js │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.6.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ uglify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ uglify > grunt-contrib-uglify > uglify-js │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/48 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 18 vulnerabilities (14 low, 4 high) in 291 scanned packages
9 vulnerabilities require semver-major dependency updates.
9 vulnerabilities require manual review. See the full report for details.
I try like it said :
$ sudo npm audit fix --force
npm WARN using --force I sure hope you know what you are doing.
npm WARN socket-server#1.0.0 No repository field.
+ socket.io#2.1.1
added 2 packages from 2 contributors, removed 16 packages and updated 18 packages in 2.228s
fixed 9 of 18 vulnerabilities in 291 scanned packages
9 vulnerabilities required manual review and could not be updated
1 package update for 9 vulns involved breaking changes
(installed due to `--force` option)
So how can I do?
$ npm -v
6.4.1
$ node -v
v8.11.3
Get into a new directly, after typing those three commands:
npm install underscore
npm install lodash
npm install express
I get a node_modules directory with many packages:
$ ls node_modules
accepts cookie-signature encodeurl forwarded lodash mime-db parseurl send underscore
array-flatten debug escape-html fresh media-typer mime-types path-to-regexp serve-static unpipe
content-disposition depd etag http-errors merge-descriptors ms proxy-addr setprototypeof utils-merge
content-type destroy express inherits methods negotiator qs statuses vary
cookie ee-first finalhandler ipaddr.js mime on-finished range-parser type-is
While using npm list, I can get a tree strcture:
$ npm list
/tmp/play/npm
├─┬ express#4.14.0
│ ├─┬ accepts#1.3.3
│ │ ├─┬ mime-types#2.1.13
│ │ │ └── mime-db#1.25.0
│ │ └── negotiator#0.6.1
│ ├── array-flatten#1.1.1
│ ├── content-disposition#0.5.1
│ ├── content-type#1.0.2
│ ├── cookie#0.3.1
│ ├── cookie-signature#1.0.6
│ ├─┬ debug#2.2.0
│ │ └── ms#0.7.1
│ ├── depd#1.1.0
│ ├── encodeurl#1.0.1
│ ├── escape-html#1.0.3
│ ├── etag#1.7.0
│ ├─┬ finalhandler#0.5.0
│ │ ├── statuses#1.3.1
│ │ └── unpipe#1.0.0
│ ├── fresh#0.3.0
│ ├── merge-descriptors#1.0.1
│ ├── methods#1.1.2
│ ├─┬ on-finished#2.3.0
│ │ └── ee-first#1.1.1
│ ├── parseurl#1.3.1
│ ├── path-to-regexp#0.1.7
│ ├─┬ proxy-addr#1.1.2
│ │ ├── forwarded#0.1.0
│ │ └── ipaddr.js#1.1.1
│ ├── qs#6.2.0
│ ├── range-parser#1.2.0
│ ├─┬ send#0.14.1
│ │ ├── destroy#1.0.4
│ │ ├─┬ http-errors#1.5.1
│ │ │ ├── inherits#2.0.3
│ │ │ └── setprototypeof#1.0.2
│ │ └── mime#1.3.4
│ ├── serve-static#1.11.1
│ ├─┬ type-is#1.6.14
│ │ └── media-typer#0.3.0
│ ├── utils-merge#1.0.0
│ └── vary#1.1.0
├── lodash#4.17.2
└── underscore#1.8.3
My question is: from all those dependencies, how does npm list know which ones are my direct dependencies such as undersocre, lodash and express?
note: I don't have a package.json file.
It builds the list on the basis of the dependencies of the modules. The dependencies of the modules are specified in the package.json of each module in the dependencies field. When you install a module npm adds some additional fields to the module's package.json and one of those is the field _requiredBy to store the dependency link in the other direction as well. If you run the npm list command it goes through all the modules and reads the _requiredBy field in package.json of each module.
If you install a module directly without saving it to your package.json, npm adds #USER to the _requiredBy field to signify that you manually installed it and it is not just a dependency of the other modules. Then npm list shows that module in the root of the tree as well.
You can use this command:
npm list --depth=0 2>/dev/null
npm list command will print to stdout all the versions of packages that are installed, as well as their dependencies, in a tree-structure.
So you have only installed three packages
npm install underscore
npm install lodash
npm install express
All other packages are dependency for express package
I'm trying to install Grunt on a local project, when running
npm install grunt-contrib-watch
results in:
sass-test username$ npm install grunt-contrib-watch --save-dev
sass-test#1.0.0 /Users/username/Documents/WEB-DEV/sass-test
└─┬ grunt-contrib-watch#1.0.0
├── async#1.5.2
├─┬ gaze#1.0.0
│ └─┬ globule#0.2.0
│ ├─┬ glob#3.2.11
│ │ ├── inherits#2.0.1
│ │ └── minimatch#0.3.0
│ ├── lodash#2.4.2
│ └─┬ minimatch#0.2.14
│ ├── lru-cache#2.7.3
│ └── sigmund#1.0.1
├── lodash#3.10.1
└─┬ tiny-lr#0.2.1
├─┬ body-parser#1.14.2
│ ├── bytes#2.2.0
│ ├── content-type#1.0.2
│ ├── depd#1.1.0
│ ├─┬ http-errors#1.3.1
│ │ └── statuses#1.3.0
│ ├── iconv-lite#0.4.13
│ ├─┬ on-finished#2.3.0
│ │ └── ee-first#1.1.1
│ ├── qs#5.2.0
│ ├─┬ raw-body#2.1.6
│ │ ├── bytes#2.3.0
│ │ └── unpipe#1.0.0
│ └─┬ type-is#1.6.13
│ ├── media-typer#0.3.0
│ └─┬ mime-types#2.1.11
│ └── mime-db#1.23.0
├─┬ debug#2.2.0
│ └── ms#0.7.1
├─┬ faye-websocket#0.10.0
│ └─┬ websocket-driver#0.6.5
│ └── websocket-extensions#0.1.1
├── livereload-js#2.2.2
├── parseurl#1.3.1
└── qs#5.1.0
Installing all of the above packages into the node_module folder while failing to install the grunt dependancy. If these packages are dependancies for some other installed module, is there a way to find out what this is?
I'm thinking I have perhaps edited the default packages config folder but I am not too confident with npm to know for sure.
does anyone have any advice?
The dependencies installed match exactly with what is shown on the NPM page. Grunt isn't listed as a dependency.
Remember that Grunt is a task runner. It could conceivably run any task that you could add to your gruntfile, but those tasks don't need to know about Grunt itself.
Just install Grunt separately and you'll be good to go.
Is it possible to install grunt.js manually in node.js.
Actually my support team downloaded the grunt.js for windows machine and place in my machine.
Due to my company proxy not able to install via node npm install -g grunt-cli.
So want to install the same form the downloaded package.
or we can install grunt.js without node.js?
Even though it's pretty easy to both install the module manually, just put it in node_modules/grunt or reference it directly require('./path/to/grunt/directory'), the real problem is that you also need to download grunt's dependencies and their dependencies recursively.
└─┬ grunt#0.4.5
├── async#0.1.22
├── coffee-script#1.3.3
├── colors#0.6.2
├── dateformat#1.0.2-1.2.3
├── eventemitter2#0.4.14
├── exit#0.1.2
├─┬ findup-sync#0.1.3
│ ├─┬ glob#3.2.11
│ │ ├── inherits#2.0.1
│ │ └── minimatch#0.3.0
│ └── lodash#2.4.2
├── getobject#0.1.0
├─┬ glob#3.1.21
│ ├── graceful-fs#1.2.3
│ └── inherits#1.0.2
├─┬ grunt-legacy-log#0.1.3
│ ├─┬ grunt-legacy-log-utils#0.1.1
│ │ ├── lodash#2.4.2
│ │ └── underscore.string#2.3.3
│ ├── lodash#2.4.2
│ └── underscore.string#2.3.3
├── grunt-legacy-util#0.2.0
├── hooker#0.2.3
├── iconv-lite#0.2.11
├─┬ js-yaml#2.0.5
│ ├─┬ argparse#0.1.16
│ │ ├── underscore#1.7.0
│ │ └── underscore.string#2.4.0
│ └── esprima#1.0.4
├── lodash#0.9.2
├─┬ minimatch#0.2.14
│ ├── lru-cache#2.7.3
│ └── sigmund#1.0.1
├─┬ nopt#1.0.10
│ └── abbrev#1.0.7
├── rimraf#2.2.8
├── underscore.string#2.2.1
└── which#1.0.9
So either you have to install all these packages, or install them on another machine and copy them, or try to use a packer like browserify, webpack, or something else.
When I cd into my project and npm install express --save it not only injects express into my node_modules but also installs a lot of other dependencies that I do not need or want. I have tried to uninstall and reinstall node and npm. I am using homebrew to install node. Can someone help me understand why this is happening?
npm install express --save
─┬ express#4.13.4
├─┬ accepts#1.2.13
│ ├─┬ mime-types#2.1.9
│ │ └── mime-db#1.21.0
│ └── negotiator#0.5.3
├── array-flatten#1.1.1
├── content-disposition#0.5.1
├── content-type#1.0.1
├── cookie#0.1.5
├── cookie-signature#1.0.6
├─┬ debug#2.2.0
│ └── ms#0.7.1
├── depd#1.1.0
├── escape-html#1.0.3
├── etag#1.7.0
├─┬ finalhandler#0.4.1
│ └── unpipe#1.0.0
├── fresh#0.3.0
├── merge-descriptors#1.0.1
├── methods#1.1.2
├─┬ on-finished#2.3.0
│ └── ee-first#1.1.1
├── parseurl#1.3.1
├── path-to-regexp#0.1.7
├─┬ proxy-addr#1.0.10
│ ├── forwarded#0.1.0
│ └── ipaddr.js#1.0.5
├── qs#4.0.0
├── range-parser#1.0.3
├─┬ send#0.13.1
│ ├── destroy#1.0.4
│ ├─┬ http-errors#1.3.1
│ │ └── inherits#2.0.1
│ ├── mime#1.3.4
│ └── statuses#1.2.1
├── serve-static#1.10.2
├─┬ type-is#1.6.11
│ └── media-typer#0.3.0
├── utils-merge#1.0.0
└── vary#1.0.1
You're likely running npm version 3 or above. This version made it so all dependencies of dependencies are stored in the root node_modules folder.
See here for more info: https://github.com/npm/npm/releases/tag/v3.0.0
Your dependencies will now be installed maximally flat. Insofar as is possible, all of your dependencies, and their dependencies, and THEIR dependencies will be installed in your project's node_modules folder with no nesting. You'll only see modules nested underneath one another when two (or more) modules have conflicting dependencies.
That's normal, the module you're trying to install must have his own dependencies to work properly, so they are installed at the same time in your node_modules