Update xplat-cli.md #1867

Closed
wants to merge 1 commit into from

4 participants

@NickHeiner

Using sudo with npm install is actually a bad idea. It is better to just install to a directory that you own.

@NickHeiner NickHeiner Update xplat-cli.md
Using sudo with `npm install` is actually a bad idea. It is better to just install to a directory that you own.
a5b4712
@mollybostic

Thanks for the suggestion! I've sent it to the writer and PM for review.

@NickHeiner

Cool. I'm pretty sure that this advice is correct but I'm not a world expert at npm haha.

@Blackmist

So reading a bit more on this, it looks like this may have been how things once were, but aren't anymore (not an npm expert either.) Anyway, looking at https://github.com/npm/npm, it notes that npm will downgrade itself to nobody if ran using sudo, to prevent running arbitrary scripts as root. This seems to solve the problem.

@mollybostic

Just wanted to follow up on this thread. It looks like we're okay with leaving the text as-is for now? @NickHeiner, @Blackmist, agreed?

@Blackmist

Yes.

@tysonn
Microsoft Azure member

Closer per the thread discussing the proposed change.

@tysonn tysonn closed this Oct 6, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment