Opened on 10/26/2017 at 03:18:12 PM
Closed on 03/09/2018 at 02:32:21 PM
#5945 closed defect (fixed)
sudo is not required to run npm i -g
| Reported by: | juliandoucette | Assignee: | |
|---|---|---|---|
| Priority: | Unknown | Milestone: | |
| Module: | Automation | Keywords: | goodfirstbug |
| Cc: | kvas, sebastian, tlucas | Blocked By: | |
| Blocking: | Platform: | Unknown / Cross platform | |
| Ready: | no | Confidential: | no |
| Tester: | Unknown | Verified working: | no |
| Review URL(s): | |||
Description
Observed behaviour
See https://hg.adblockplus.org/codingtools/file/tip/eslint-config-eyeo/README.md#l11
Expected behaviour
sudo is not required to runnpm i -g. A user with permission to write to npm's global module directory e.g. npm config get prefix is required. I think it's a bad idea to give npm superuser privileges?
Attachments (0)
Change History (10)
comment:1 Changed on 10/27/2017 at 01:01:24 PM by kvas
comment:2 Changed on 10/27/2017 at 02:37:10 PM by juliandoucette
Do I understand it right that you're proposing to change the README.md to explain how to run npm -i -g as a normal user instead of recommending sudo?
That, or we don't mention sudo at all.
comment:3 follow-up: ↓ 4 Changed on 10/30/2017 at 09:57:41 AM by kzar
Generally you do need super user permissions to install a npm (or anything) globally. I think mentioning that using sudo might be required is useful, I think it should stay. If it bothers you, you could change it to say "...often requires administrator privileges..." or something like that.
comment:4 in reply to: ↑ 3 Changed on 10/30/2017 at 11:41:03 AM by juliandoucette
Replying to kzar:
Generally you do need super user permissions to install a npm (or anything) globally.
I would agree that it is common for an installation process to ask for administrator or super user privileges when installing for all users (e.g. a typical OS X or Windows installer). But it is certainly not true that one needs super user permissions to install npm (or anything[1]) globally. Permission to write is necessary to install. Permission to execute in necessary to run.
I think mentioning that using sudo might be required is useful, I think it should stay. If it bothers you, you could change it to say "...often requires administrator privileges..." or something like that.
I agree that mentioning using sudo might be useful to *just make it work* without configuring anything. But configuring npm without sudo is easy. See https://github.com/sindresorhus/guides/blob/master/npm-global-without-sudo.md or https://docs.npmjs.com/getting-started/fixing-npm-permissions
[1]: Acknowledging exceptions e.g. a program that runs another program that requires more privileges.
comment:5 Changed on 11/07/2017 at 12:50:02 PM by juliandoucette
From: http://hub.eyeo.com/issues/4904
Hi Julian,
I fully agree. Those tools are eyeo tools and not Adblock Plus tools, especially as ABP is only a brand not a company and therefore can't own such things.
comment:6 Changed on 12/05/2017 at 02:52:19 PM by juliandoucette
- Cc tlucas added
- Keywords goodfirstbug content added
Is Sitescripts still the correct module for codingtools?
comment:7 Changed on 12/05/2017 at 03:18:49 PM by kzar
- Cc kzar removed
- Component changed from Sitescripts to Automation
No, look at the modules page, it's now Automation.
comment:8 Changed on 02/21/2018 at 04:38:42 PM by juliandoucette
- Keywords content removed
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:9 Changed on 03/09/2018 at 02:31:14 PM by abpbot
A commit referencing this issue has landed:
Issue 5945 - Removed sudo suggestion from node module READMEs
comment:10 Changed on 03/09/2018 at 02:32:21 PM by juliandoucette
- Resolution set to fixed
- Status changed from reviewing to closed
I agree that running npm as root is a questionable practice. Do I understand it right that you're proposing to change the README.md to explain how to run npm -i -g as a normal user instead of recommending sudo?