sudo npm. #
It is is fair to assume that all
Node.js developers have seen
npm install return
exit code 1 at the worst possible time. Maybe there is absolutely no time left to see it through the right way?
The error seems cryptic, and maybe contains an
EACESS which surely is permissions related. What could really go wrong if I sprinkled a little
sudo on top?
Surely some may just not know how dangerous 3 words can be.
do not run these commands
sudo npm install
sudo npm run dev
sudo npm run build
// the list goes on...
To explain this to non technical users, this is equivalent to saying:
I want to download hundreds of thousands of lines of contributed code from the internet with FULL administrator permission on my device.
I will execute that code multiple times, sometimes leaving it running.
I will input data into that code that could be private, keys, passwords, licenses, or even proprietary / client data.
So obviously that is not good.
Every scenario is different and could call for a different approach. The first thing I typically do when debugging
Node.js dependency related issues,
That is why we don't ever use
sudo when working with package managers.
*In this example I only used
npm, but there are hundreds of package managers in the software development sphere. This same concept also applies to
pnpm. These package managers are the most popular in the
Node.js world. *
Update! A highly anticipated pacakge manager was released this year,
bun. This security warning also applies to
bun as well.