Is sudo supposed to be required for globally installed packages on OS X?

[domenic]

Several coworkers have downloaded the default Node.js install from nodejs.org, and can't install packages globally without using sudo. They're running Mac OS X.

We've been solving this by either: (1) chowning directories left and right; or (2) nuking their existing installation and telling them to use homebrew.

Is this intended behavior?

[mfncooper]

The default install probably puts things in /usr/local/bin, which means global installs will try to go there too, and yes, that usually requires sudo. The easiest way to handle this is to set the npm global prefix such that global installs will go somewhere else. (npm config set prefix /some/better/path -g) Make sure that the somewhere else is on the path, so that things will be found.

An alternative would be to have your coworkers use something like nvm, which will install in a writable location as well as let them easily switch between versions. (And it doesn't build Node any more, unless it has to.)

[isaacs]

Using sudo is fine. npm will not run arbitrary build scripts as root, if you're root -- it chown's the package dir to nobody and then runs scripts as nobody.

If packages do other non-gyp things in their install scripts, then they are broken. Complain to the authors.

If you really really need to run package scripts as root, then set the unsafe-perm config to true.

[edef1c]

@domenic I personally npm config set prefix ~/npm and have ~/npm/bin in my PATH.

[MattiSG]

From a user point of view, as it's global, i.e. it makes a command available to all users, it seems logical that admin access is required.

[luk-]

@MattiSG that's not necessarily true. the user on my machine I use for dev work can write to the directory without using sudo, and these commands can be ran by other users on the system if necessary due to how the executable permissions are set up. You don't need root-level permissions to allow a command to be executable to all users.

[Meligy]

I'd argue this should be opened again. At least for how the behaviour differs from Windows for example, for what's essentially the same semantic (running global installs as admin).

i have been using NPM on Windows for years. When I got my first Macbook Pro and installed Node then tried to install my first global package I just halted.

It should be standardized whether global packages are meant to be global within the same user profile (which makes most sense especially in hosted environments), or machine wide. This shouldn't change per OS (or at least be documented in NPM install or NPM folders documentation sections).

Thanks a lot for reading this feedback, and for making NPM in the first place.

[edef1c]

@Meligy On Unices, the convention is that "global" means /usr/local. On Windows, per-user installs are fairly common, and running npm as admin is a bunch more painful. In the face of those things, "consistency" feels like a fairly flimsy argument against the OS difference.

[Meligy]

If it's inconsistent (assuming we agree there are good reasons for the inconsistency), then it will make several people's life a tiny but easier if there is a warning about that, either in CLI (best) or in documentation.

I couldn't find anywhere that is authentic and suggests this is the expected behaviour (that it's not broken) except here, which wasn't the only result on the topic when searching.

[edef1c]

It's consistency with the surrounding environment over consistency across platforms. It might be a mild surprise for people who work on multiple platforms, but that's a small price to pay, relative to surprising everyone who uses Windows only.

[loxK]

The issue I face:

when installing a package globally using sudo, it writes to my ~/.npm folder as root so running npm install as a normal user fails very often afterwards.

[othiym23]

@IoxK You should upgrade your npm and then run sudo chown -R $(whoami) ~/.npm one more time to get everything straightened out. After that, npm shouldn't mess up permissions in ~/.npm anymore.

[christianhaller]

thx @othiym23 👍

[ajmas]

What do you do if you need to npm install global, but you don't have an admin account? Should the alternative behaviour be to prompt the user to install local to their account instead? Something like:

You don't have write permission to /usr/local/bin, do you wish to install to ~/bin instead? [y/N/always]