In short...
First of all, why does npm suggest that it should only run as non-root? I highly disbelieve that every other package manager (apt, yum, gem, pacman) is wrong for requiring sudo.
Second, when I follow their suggestion (and run npm install as non-root), it won't work (because non-root doesn't have permission to /usr/local/lib). How do I follow their suggestion? I am not going to chown -R $USER /usr/local/lib, because that seems like a very bad idea to me.
Full description...
I installed npm via curl http://npmjs.org/install.sh | sudo sh (the instruction in their README).
When I run sudo npm install mongoose, npm tells me not to run it as root:
npm ERR! sudon't!
npm ERR! sudon't! Running npm as root is not recommended!
npm ERR! sudon't! Seriously, don't do this!
npm ERR! sudon't!
But when I run npm install mongoose without sudo I get the following:
npm info it worked if it ends with ok
npm info using npm#0.2.17
npm info using node#v0.4.0-pre
npm info fetch http://registry.npmjs.org/mongoose/-/mongoose-1.0.7.tgz
npm info calculating sha1 /tmp/npm-1297199132405/1297199132406-0.7044695958029479/tmp.tgz
npm info shasum b3573930a22066fbf3ab745a79329d5eae75b8ae
npm ERR! Could not create /usr/local/lib/node/.npm/.cache/mongoose/1.0.7/package.tgz
npm ERR! Failed creating the tarball.
npm ERR! This is very rare. Perhaps the 'gzip' or 'tar' configs
npm ERR! are set improperly?
npm ERR!
npm ERR! couldn't pack /tmp/npm-1297199132405/1297199132406-0.7044695958029479/contents/package to /usr/local/lib/node/.npm/.cache/mongoose/1.0.7/package.tgz
npm ERR! Error installing mongoose#1.0.7
npm ERR! Error: EACCES, Permission denied '/usr/local/lib/node/.npm/.cache/mongoose'
npm ERR! There appear to be some permission problems
npm ERR! See the section on 'Permission Errors' at
npm ERR! http://github.com/isaacs/npm#readme
npm ERR! This will get better in the future, I promise.
npm not ok
So it tells me I shouldn't use sudo, and then doesn't work if I follow their suggestion.
Which leads to my initial questions above.
Actually, npm does not recommend not running as root. Well, not any more.
It has changed around the same time that you asked your question. This is how the README looked like on February 7, 2011: "Using sudo with npm is Very Not Recommended. Anyone can publish anything, and package installations can run arbitrary scripts." It was explained later in more detail as "Option 4: HOLY COW NOT RECOMMENDED!! You can just use sudo all the time for everything, and ignore the incredibly obnoxious warnings telling you that you're insane for doing this."
See: https://github.com/isaacs/npm/tree/7288a137f3ea7fafc9d4e7d0001a8cd044d3a22e#readme
Now it is actually considered a recommended technique of installing npm:
Simple Install - To install npm with one command, do this:
curl http:/ /npmjs.org/install.sh | sudo sh
See: https://github.com/isaacs/npm/tree/99f804f43327c49ce045ae2c105995636c847145#readme
My advice would be to never do it because it means basically this:
find out what the local DNS (or anyone else spoofing the DNS response or poisoning the DNS cache) says is the IP address of npmjs.org
connect with insecure TCP with that IP (or with whoever says it's his IP) on port 80
trust the router that you think you should talk to (or anyone who gave you the DHCP response said you should talk to) to deliver packets to the right host
possibly go through another layer of transparent caching proxy
trust all other networks between you and the other end of the TCP connection
don't know for sure who you are connected with
cross your fingers
request install.sh script over insecure HTTP with no verification whatsoever
and then run whatever was returned by whoever you're talking to with maximum privileges on your machine without even checking what is it.
As you can see this is really, literally, with no exaggeration giving root shell to whatever you get after asking for a script from the Internet over an insecure connection with no verification whatsoever. There are at least 5 different things that can go wrong here, any of which can lead to an attacker taking total control over your machine:
DHCP spoofing
ARP spoofing
DNS cache poisoning
DNS response spoofing
TCP session hijacking
Also note that using 'sh' instead of 'sudo sh' is usually not any less risky unless you run it as a different user who doesn't have access to your private data, which is usually not the case.
You should use HTTPS connections if available to download such scripts so you could at least verify who you are talking to, and even then I wouldn't run it without reading first. Unfortunately npmjs.org has a self-signed certificate so it doesn't really help in this case.
Fortunately npm is available on GitHub that has a valid SSL certificate and from where you can download it using secure connection. See: github.com/isaacs/npm for details. But make sure that the npm itself doesn't use insecure connections to download the files that it downloads - there should be an option in npm config.
Hope it helps. Good luck!
The simple answer is web servers should never be run as root for well known security reasons, so this goes for npm commands as well.
To start fresh, remove prior Node.js and npm installs as well as these files/directories:
mv ~/.npmrc ~/.npmrc~prior
mv ~/.npm ~/.npm~prior
mv ~/tmp ~/tmp.~prior
mv ~/.npm-init.js ~/.npm-init.js~prior
Solution: Install Node.js (which comes with npm) as NON root (no sudo)
Download Source Code directly from https://nodejs.org/en/download/
Execute the below as yourself (Linux/OS X)
cd node-v8.1.2 # into expanded source dir
export NODE_PARENT=${HOME}/node-v8.1.2 # put this into your ~/.bashrc
Feel free to change above export to whatever location is appropriate
./configure --prefix=${NODE_PARENT}
make -j4 # for dual core ... use -j8 for quad core CPU
make install
which puts the binaries for Node.js and npm as well as its modules repository into $NODE_PARENT, a $USER owned dir which then allows you to issue subsequent npm install xxx commands as yourself.
To reach the binaries for node and npm alter your PATH environment variables in your ~/.bashrc:
export PATH=${NODE_PARENT}/bin:${PATH}
export NODE_PATH=${NODE_PARENT}/lib/node_modules
Then to install packages into that directory (global), as opposed to the current directory (local) always pass in the -g flag (global):
npm install -g someModule
NOTE - at no time are you executing anything npm or node related as root / sudo.
Another reason for not installing NPM packages under root is that it will cause you to face file access problem with packages that are using node-gyp (ex: node-sass) because it builds C++ libs and those are not in the local node_modules folder.
Related
Tried to run this command on ubuntu 18.04
npm install -g pngquant-bin
but I got this error,
[..................] | fetchMetadata: sill resolveWithNewModule npm-conf#1.1.3 checking installable status
npm WARN deprecated gulp-util#3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
/root/.nvm/versions/node/v10.8.0/bin/pngquant -> /root/.nvm/versions/node/v10.8.0/lib/node_modules/pngquant-bin/cli.js
> pngquant-bin#5.0.0 postinstall /root/.nvm/versions/node/v10.8.0/lib/node_modules/pngquant-bin
> node lib/install.js
sh: 1: node: Permission denied
npm ERR! file sh
npm ERR! code ELIFECYCLE
npm ERR! errno ENOENT
npm ERR! syscall spawn
npm ERR! pngquant-bin#5.0.0 postinstall: `node lib/install.js`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the pngquant-bin#5.0.0 postinstall script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2018-08-12T18_08_02_197Z-debug.log
Do you do you know how to deal with this?
I tried every solution found in this articles yet not succeeded.
Got the same error sh: 1: node: Permission denied
So this worked for me
npm config set user 0
npm config set unsafe-perm true
These issues happen because of broken packages. Go to the main folder. If using Linux use command
sudo rm -rf node_modules.
After that run this command if you are using yarn
yarn install
If you are using npm run this command
npm install
Delete the node_modules and install it again
sudo rm -rf node_modules
npm install
in fact, npm can't use root account to install anything. if you use root account, npm will create a non-permission account to install. in this case, if the package need to execute writeFile or other operation which need permission, the error node: Permission denied will be raised.
so, you can choose optional arbitrary under:
npm install xxx --unsafe-perm
npm config set unsafe-perm true
create high-permission account dedicate to execute npm install
In my case it was a silly typo, I was forgotten to add node into the front of the start command in package.json. So I've changed:
"scripts": {
"start": "app/server.js"
}
... to:
"scripts": {
"start": "node app/server.js"
}
The /root/.npm/... log path in your original message shows you're already running as root, and (despite what others advise) I'd say this is most likely causing your problem.
My (limited) experience running Node as root is that most npm install runs get quite a long way, but then fail with some variation on the error you showed. The only reliable solution I've found is to not run Node or npm as root at all on Ubuntu. Just use a normal user account to download and unpack the Node installation.
At least one problem with running as root for me turned out to be because some dependency-of-a-dependency npm install script was calling setuid to switch to a less-privileged user. For some reason, it chose UID 500—which doesn't exist on Ubuntu—and consequently lost all its privileges. The 'Permission denied' errors were therefore because I was running as root; setuid doesn't work for a normal user.
I believe this is related to Error: setuid user id does not exist npm ERR! when npm install forever -g.
Solved my problem chmod -R a+x node_modules
As far as my understanding goes the os is blocking your ability to execute commands described in node_modules so by my understanding what this command does is say everything in node_modules is okay to execute.
By the time I found the solution it was 4 AM, so I didn't really bother to figure out what I actually did. If someone knows what -R a+x node_modules does exactly feel free to drop it in the commands and I will make an edit.
I make the chown to project user owner (in USERID) dir and resolv the "permission denied" problem:
sudo chown -R USERID.USERID *
Additionally (and this might be useful for docker) you can override this configuration setting globally via the environment variable npm_config_user -- for example:
ENV npm_config_user=root
I ran into the same error an nothing really helped. I found a medium article explaining how to set up an angular build management. For some reason adding
- npm link #angular/cli#13.2.5
to my build script made it. I basically added all of the recommendations above. So my build script now looks like this
- ...
- npm config set user 0
- npm config set unsafe-perm true
- npm i --force
- npm link #angular/cli#13.2.5
- ...
I hope it helps! I would be happy if someone could explain why it actually worked.
This is an old question but maybe someone still need some help.
This errors often is displayed because you have defined in the package.json just the path. For example:
{
// more definitions
"scripts": {
// other scripts
"getPax8Products": "<filepath>",
// more scripts
},
// more definitions
}
In this case, you need to:
Add the following lines in the very beggining of the script
#!/usr/bin/env node
'use strict';
Give the file execution permission
# in UNIX based
chmod +x <filepath>
You also can modify the package.json and add the node command. However, you need to be aware that NPM will run in the script's directory:
{
// more definitions
"scripts": {
// other scripts
"getPax8Products": "node <filepath>",
// more scripts
},
// more definitions
}
For Deploying with Docker:
make sure /node_modules is deleted or added to dockerignorefile
make sure /dist is deleted or added to dockerignorefile
the problem was solved for me by deleting both files
and build them in the container
For me, I had not installed my dependencies. node_modules did not exist, but I had jest installed globally apparently. Running npm ci and then running npm test solved my issue.
npm install lite-server --save-dev
packages.json:
"scripts": {
"dev": "lite-server",
},
"devDependencies": {
"lite-server": "^2.6.1"
}
npm run dev
I stuck with same issue when tried to install packages into AWS Sagemaker instance
The issue coming because NPM by default install new global packages into ~/.npm-global
When you run npm install -g by root, npm is try to install package into /root/.npm-global/..., and stuck with access denied.
Simply workaround to re-config global folder for npm.
(https://docs.npmjs.com/resolving-eacces-permissions-errors-when-installing-packages-globally)
Here is example of install obj2gltf
mkdir /npm-global
npm config set prefix '/npm-global'
export PATH=/npm-global/bin:$PATH
npm install -g obj2gltf
I had that error too and tried the above solutions without any change. My error was caused because I had Windows (11) with a WSL and NVM installed on both operating systems. I had to uninstall NVM on my Windows to resolve the conflicts.
I think if you develop in your WSL and have a resource installed on both operating systems, a dependency might point to the wrong operating system with the resource (in my case to the NVM on Windows). The WSL user didn't have sufficient permissions to perform any execution on the Windows machine, which lead to the error.
you need root user permission, just add sudo keyword before the command and write your password
sudo npm install -g pngquant-bin
Try to install node at project folder
npm install node
I'm executing an npm install as sudo to install copay bitcopay but for some readon, I get this error.
$ sudo npm install
Password:
npm WARN lifecycle copay#2.7.0~preinstall: cannot run in wd %s %s (wd=%s) copay#2.7.0 bower install /Users/Jarvis/Documents/Projects/copay
npm WARN lifecycle copay#2.7.0~postinstall: cannot run in wd %s %s (wd=%s) copay#2.7.0 npm run build /Users/Jarvis/Documents/Projects/copay
copay#2.7.0 /Users/Jarvis/Documents/Projects/copay
I didn't find a good way to solve it. Someone has an idea to fix it?
As I recently discovered, this explanation hits it on the head.
As Manu says:
On digging a bit deep, I found that NPM tries to downgrade its
privileges when it runs scripts. That downgrading the privileges
causes this error.
I was running into a similar problem trying to run in a docker container as root. The "npm install --unsafe-perm" solution worked for me.
jfroma from hacker news says "don't do this". While they explain the situation, they don't provide an explanation for why it's unsafe and refers you to the npm config page , however, that page only explains that it's a true/false configuration around whether priviledges are de-escalated during the install.
Actually, if you look at the broader conversation that jfroma's comment is in you could infer the danger is that an npm package could easily have "rm -fr /" in it. If you run npm as root with --unsafe-perm to install that package, you're going to be sad.
Since I'm running this install in a docker container for a build that I'm re-creating every time from source, it's probably safe enough. I can always go back to the repo to get my stuff back.
If you're trying to install something on your workstation, perhaps adjusting the permissions of your installation would work better?
Getting errors regarding "node-gyp rebuild" but can't seem to figure out why?
Full error: http://pastebin.com/HJ4z6tie
Perhaps, this links and solutions will be useful for you:
1) https://github.com/hideo55/node-murmurhash3/issues/4
Problem:
When I run the command sudo npm link your NPM is failing.
Solution:
when I use --unsafe-perm=true this NPM works.
2) https://github.com/npm/npm/wiki/Troubleshooting#permission-error
Permission Error
npm ERR! code EPERM
npm ERR! code EACCES
Fix the permissions of your cache with sudo chown -R $(whoami) "$HOME/.npm".
Try again with sudo. e.g. sudo npm install express -g. (You'll probably need to fix cache permissions afterwards, as above).
Reinstall node so it doesn't require sudo.
The EACCES error code means that the process does not have permissions to read/write in the target directory/file. As is common with package managers, this usualy means the module could not be installed to target directory.
This may be fixed by running the command as super user (sudo ...), but preferrably you would just fix the file permissions so that the account that runs the command has necessary permissions to the target directory.
As a side-note, the EACCES error comes from the great Linux itself - see the list of other error codes (or run man errno) one might encounter.
Define environment variable NODE_PATH as such :
export NODE_PARENT=${HOME}/node-v0.12.0
export PATH=${NODE_PARENT}/bin:${PATH} # so executables are found
export NODE_PATH=${NODE_PARENT}/lib/node_modules # so node can find modules
./configure --prefix=${NODE_PARENT}
do this when installing Node from source ... which gives you node and npm
and will avoid all such permission errors ... then install modules as yourself ... no need for root
npm install -g some-global-module
In a restricted environment where not every user has access I would like to be able to use npm offline where ever possible.
My idea is to point the global config at a shared cache directory so that power users can do installs and the dependencies will end up in the cache directory. Other users can then do npm offline installs for anything previously in the cache.
So 2 Questions:
Will this work?
Short of setting up my own local npm repository is there an easier way?
Per documentation:
npm install (with no args in a package dir)
npm install <tarball file>
npm install <tarball url>
npm install <folder>
npm install <name> [--save|--save-dev|--save-optional]
npm install <name>#<tag>
npm install <name>#<version>
npm install <name>#<version range>
npm i (with any of the previous argument usage)
As such, npm allows you to do:
npm install /path/to/folder/containing/ node_modules
For example: npm install ~/Downloads/http-proxy, provided that the node_modules folder resides within http-proxy.
You could set your repository up on an internal (accessible) server and direct people to download by the same name from there.
Thanks for the answers. What I've ended up doing is using https://github.com/rlidwka/sinopia
This acts as a mirror repository. I can give this process internet access and not other users. Then I set a environment variable for all users to point their npm repository at the sinopia instance.
Early days but this seem to be working well.
r3mus is right. Though, for each user it would result in some cognitive overhead and possibly management issues.
What might work better is to have a corporate hosted npm repository (as described here: http://clock.co.uk/tech-blogs/how-to-create-a-private-npmjs-repository) and then just have the users change (once) their registry settings via npm set registry http://yourregistry.com
For build servers, a reasonable strategy is to symlink the node_modules directory against an existing directory where the modules have already been installed.
e.g. my powershell script might read something like this
If (-Not (Test-Path node_modules))
{
& cmd /c mklink /d /j node_modules D:\npm-cache\node_modules
Write-Verbose "Symlinked node_modules"
}
This is my package.json:
{
"name": "my-example-app",
"version": "0.1.0",
"dependencies": {
"request": "*",
"nano": "3.3.x",
"async": "~0.2"
}
}
Now, when I open the cmd and run npm install, the install hangs. What am I doing wrong?
I had the same problem. The reason - wrong proxy was configured and because of that npm was unable to download packages.
So your best bet is to the see the output of
$ npm install --verbose
and identify the problem. If you have never configured proxy, then possible causes can be
Very outdated npm version.
Some problem with your internet connection.
Permissions are not sufficient for npm to modify files.
I was having the same problem. I tried a
npm config set registry http://registry.npmjs.org/
to turn off https. I also tried
npm set progress=false
to turn off the progress bar (it has been reported to slow down downloads).
The problem was with my network driver. I just needed to reboot and the lag went away.
You can try deleting package-lock.json and running npm install afterwards.
This worked for me.
I had the same issue on macOS, after some time struggling and searching around, this answer actually solved the issue for me:
npm config rm proxy
npm config rm https-proxy
npm config set registry http://registry.npmjs.org/
On MacOS, I was able to solve this by
networksetup -setv6off Wi-Fi
After installing, you can revert to the original configuration with
networksetup -setv6automatic Wi-Fi
Updating npm helped me on Mac OS. Use the command:
sudo npm install -g npm#latest
I am behind a corporate proxy, so I usually use an intermediate proxy to enable NTLM authentication.
I had hangs problem with npm install when using CNTLM proxy. With NTLM-APS (a similar proxy) the hangs were gone.
npm cache clear --force has fixed this issue for me in the past.
Furthermore, when running npm install on an air-gapped network (by the way, I provide a description about how to do this with Verdaccio), I had an issue where the install would hang at the very end. Turning off auditing (i.e. npm set audit false) on the machine on the air-gapped network resolved this issue.
While your mileage may vary, running npm cache verify fixed the issue for me.
It was strange but I guess I was just being impatient ran -> npm install --verbose and saw there was progress but it was just really slow!!! All I needed was patience :D
When your ssh key is password protected run ssh-add. npm probably hangs somewhere asking for your password.
Remove node_modules & package-lock.json from previous npm install and install again
rm -rf node_modules package-lock.json
npm install
or
If npm install loader is stuck and then pops up with..
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/jest failed, reason: unable to get local issuer certificate"
then,
npm config set strict-ssl false
npm install
or
Follow to uninstall Node.js and install properly
https://www.geeksforgeeks.org/how-to-completely-remove-node-js-from-windows/
https://coding-boot-camp.github.io/full-stack/nodejs/how-to-install-nodejs
I personally had this issue and did all the steps I listed above. My issue was fixed with npm config set strict-ssl false
The registry(https://registry.npmjs.org/cordova) was blocked by our firewall. Unblocking it fixed the issue.
With due respect to all the answers, I switched to a different network and it worked for me.
Surprisingly just restarting my computer and running npm install again worked for me
Incase its useful to others, the following is what worked for me:
On my machine, although npm proxy was set correctly, npm install waits forever doing something like sill extract. Re-trying npm install waits forever on the same package again and again.
After waiting for a long timeout, npm install printed an error message implying that git was trying to fetch something.
The problem vanished after configuring git proxy using the below command:
git config --global http.proxy https://proxy-server:port
Note the https in the value of http.proxy without which the configuration did not take effect. Proxy server settings (http / https / port) might vary for users; hence its worth spending a bit of time experimenting with npm and git proxy server settings.
This method is working for me when npm blocks in installation Package for IONIC installation and ReactNative and another package npm.
You can change temporary:
npm config set prefix C:\Users\[username]\AppData\Roaming\npm\node_modules2
Change the path in environment variables. Set:
C:\Users[username]\AppData\Roaming\npm\node_modules2
Run the command to install your package.
Open file explorer, copy the link:
C:\Users[username]\AppData\Roaming\npm\node_modules
ok file yourpackage.CMD created another folder Created "node_modules2" in node_modules and contain your package folder.
Copy your package file CMD to parent folder "npm".
Copy your package folder to parent folder "node_modules".
Now run:
npm config set prefix C:\Users\[username]\AppData\Roaming\npm
Change the path in environment variables. Set:
C:\Users[username]\AppData\Roaming\npm
Now the package is working correctly with the command line.
I'm not sure if your problem is being caused by the same reason that mine was, but I too was experiencing a hanging "npm install" and was able to fix it.
In my case, I wanted to install typescript locally in the project:
npm i typescript --save-dev
For some reason this was conflicting with a global install of typescript that I had, and the shell was just hanging forever instead of finishing or erroring...
I fixing it by first removing the globally installed typescript with the -g global flag:
npm uninstall typescript -g
After doing this the first command worked! 👍
I had npm hanging on installation of electronjs on Windows 10. I reinstalled and still it was hanging. But I noticed it got installed on another desktop in the same network. So finally I found the culprit. The issue was caused by Bitdefender free edition. There was no warning by the antivirus but it was blocking it silently. Even the console was not closing once the installation starts as it kept hanging. Disable antivirus/firewall if its on Windows and make sure network is open as npm does not seem to have a proper way of communicating network blocks and will keep proceeding indefinitely.
I've hit this problem a couple times.
When I was on VPN, I pressed Ctrl-C and disconnected from the VPN. Then npm install worked.
When I wasn't on VPN, I pressed Ctrl-C and connected to the VPN. Then, again, npm install worked.
For anyone on MacOS (I'm on Mojave 10.14), the following helped me out:
https://github.com/reactioncommerce/reaction/issues/1938#issuecomment-284207213
You'd run these commands
echo kern.maxfiles=65536 | sudo tee -a /etc/sysctl.conf
echo kern.maxfilesperproc=65536 | sudo tee -a /etc/sysctl.conf
sudo sysctl -w kern.maxfiles=65536
sudo sysctl -w kern.maxfilesperproc=65536
ulimit -n 65536
Then try npm install once more.
check your environment variables for http and https
The existing entries might be creating some issues. Try deleting those entries.
Run "npm install" again.
I just turn off my windows firewall and it worked for me.
You can also try different versions of npm.
Check your .npmrc file for a registry entry (which identifies a server acting as a package cache.)
For me, npm install would hang partway through, and it was because of a old / non-responsive server listed in my .npmrc file. Remove the line or comment it out:
>cat ~/.npmrc
#registry=http://oldserver:4873
(And/or check with your IT / project lead as to why it's not working ;)
install nvm (Node Version Manager) and downgrade node version from 14 to 12 solved the issue in my case
Uninstalling and installing node and npm worked for me. I'm using Ubuntu 20.04.1 LTS
In my case npm install was hanging because it was waiting for me to input a password to my ssh key while cloning from git repository. There was no prompt and I realized this might be the case when I typed random character and nothing was echoed back. In my case I had to look at package.json file and clone locally repositories listed there. Then I updated package.json and changed paths of those git repositories to my local paths. After doing this everything else was installed without further errors.
On windows i suddenly had the same issue and tried all of the above, but the final solution for me was to switch off the ransomware protection which I had activated. It somehow doesn´t go well along with npm
I was having this error because I was running npm in a (docker) container in WSL2, and docker in WSL2 was configuring the wrong nameservers in the containers, making the container unable to resolve hosts.
To see if your container (or even your host) can resolve hosts, you can try running: curl https://github.com. In my case I received curl: (6) Could not resolve host: github.com.
The error in the docker container doesn't happen if I don't use the default bridge, instead I used a custom bridge and defined the container with it, in which case the resolv.conf file ends up with the correct nameserver:
$ cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0
The ip 127.0.0.11 corresponds to the docker DNS server, solving the problem in my case.
If you aren't running npm in a container, your issue may still be related to some misconfigured resolv.conf file (if you are in a Linux machine, or in Windows with WSL/WSL2).
In case anyone else encounters this, I left the npm install to run for long enough, and then the Jest extension crashed (v4.2.1), at which point the npm install completed successfully.
The Jest configuration seems to show that a test auto-watch feature was enabled. I haven't changed any Jest settings as far as I'm aware, so this must be out-of-the-box functionality.