NPM modules won't install globally without sudo

Ubuntu 12.04 and using Chris Lea's PPA for install the following works for me:

npm config set prefix '~/.npm-packages'

and adding $HOME/.npm-packages/bin to $PATH

append to .bashrc

export PATH="$PATH:$HOME/.npm-packages/bin"

see https://stackoverflow.com/a/18277225 from @passy


If you already have $HOME/bin in your path, a simpler solution is just ...

npm config set prefix ~
  • New node commands will now install into your $HOME/bin directory.
  • No need to change your path!

Since this discussion is really about reducing the security risks of running sudo, you should also be aware that any node app could potentially be installing an app name that does not match the registered node package name you think you're installing. So there is a security risk that an npm install will replace an existing system command or one you already have in $HOME/bin. If you're concerned, check the bin, and scripts properties in the package.json file of the app you're installing first.

In general, it's safest to:

  • (a) Place $HOME/bin last in your path so system commands are not superseded.
  • (b) don't include "." or any relative path in your $PATH so you don't accidentally run a command that happens to be in the current directory.

Reference:

  • package.json properties
  • npm install
  • NodeJS security vulnerabilities: nodesecurity.io.

As for October 2014:

Node.js is available from the NodeSource Debian and Ubuntu binary distributions repository.

curl -sL https://deb.nodesource.com/setup | sudo bash -
sudo apt-get install -y nodejs

That's it.

Outdated answer:

The fastest way without using sudo is like described here by isaac

I strongly encourage you not to do package management with sudo! Packages can run arbitrary scripts, which makes sudoing a package manager command as safe as a chainsaw haircut. Sure, it's fast and definitely going to cut through any obstacles, but you might actually want that obstacle to stay there.

I recommend doing this once instead:

sudo chown -R $USER /usr/local

EDIT:

There are certain security concerns and functionality limitations regarding changing the ownership of /usr/local to the current user:

  • if there is another user on the machine who could use global npm packages - do not change the ownership of /usr/local
  • https://apple.stackexchange.com/questions/1393/are-my-permissions-for-usr-local-correct
  • https://askubuntu.com/questions/261326/is-it-safe-to-chown-usr-local

Having said that, if you want to install global module without using sudo, I don't see any better solution (from pragmatic point of view) than mentioned. Security vs easy of use is very broad topic, and there is no easy answer for that - it just depends on your requirements.