Opened 2 years ago

Closed 20 months ago

#5945 closed defect (fixed)

sudo is not required to run npm i -g

Reported by: juliandoucette Assignee:
Priority: Unknown Milestone:
Module: Automation Keywords: goodfirstbug
Cc: kvas, sebastian, tlucas Blocked By:
Blocking: Platform: Unknown / Cross platform
Ready: no Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

https://codereview.adblockplus.org/29704603/

Description

Observed behaviour

See https://hg.adblockplus.org/codingtools/file/tip/eslint-config-eyeo/README.md#l11

Expected behaviour

sudo is not required to runnpm i -g. A user with permission to write to npm's global module directory e.g. npm config get prefix is required. I think it's a bad idea to give npm superuser privileges?

Change History (10)

comment:1 Changed 2 years ago by kvas

I agree that running npm as root is a questionable practice. Do I understand it right that you're proposing to change the README.md to explain how to run npm -i -g as a normal user instead of recommending sudo?

comment:2 Changed 2 years ago by juliandoucette

Do I understand it right that you're proposing to change the README.md to explain how to run npm -i -g as a normal user instead of recommending sudo?

That, or we don't mention sudo at all.

Last edited 2 years ago by juliandoucette (previous) (diff)

comment:3 follow-up: Changed 2 years ago by kzar

Generally you do need super user permissions to install a npm (or anything) globally. I think mentioning that using sudo might be required is useful, I think it should stay. If it bothers you, you could change it to say "...often requires administrator privileges..." or something like that.

comment:4 in reply to: ↑ 3 Changed 2 years ago by juliandoucette

Replying to kzar:

Generally you do need super user permissions to install a npm (or anything) globally.

I would agree that it is common for an installation process to ask for administrator or super user privileges when installing for all users (e.g. a typical OS X or Windows installer). But it is certainly not true that one needs super user permissions to install npm (or anything[1]) globally. Permission to write is necessary to install. Permission to execute in necessary to run.

I think mentioning that using sudo might be required is useful, I think it should stay. If it bothers you, you could change it to say "...often requires administrator privileges..." or something like that.

I agree that mentioning using sudo might be useful to *just make it work* without configuring anything. But configuring npm without sudo is easy. See https://github.com/sindresorhus/guides/blob/master/npm-global-without-sudo.md or https://docs.npmjs.com/getting-started/fixing-npm-permissions

[1]: Acknowledging exceptions e.g. a program that runs another program that requires more privileges.

Last edited 2 years ago by juliandoucette (previous) (diff)

comment:5 Changed 2 years ago by juliandoucette

From: http://hub.eyeo.com/issues/4904

Hi Julian,

I fully agree. Those tools are eyeo tools and not Adblock Plus tools, especially as ABP is only a brand not a company and therefore can't own such things.

comment:6 Changed 23 months ago by juliandoucette

  • Cc tlucas added
  • Keywords goodfirstbug content added

Is Sitescripts still the correct module for codingtools?

comment:7 Changed 23 months ago by kzar

  • Cc kzar removed
  • Component changed from Sitescripts to Automation

No, look at the modules page, it's now Automation.

comment:8 Changed 20 months ago by juliandoucette

  • Keywords content removed
  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:9 Changed 20 months ago by abpbot

A commit referencing this issue has landed:
Issue 5945 - Removed sudo suggestion from node module READMEs

comment:10 Changed 20 months ago by juliandoucette

  • Resolution set to fixed
  • Status changed from reviewing to closed
Note: See TracTickets for help on using tickets.