Skip to content
This repository has been archived by the owner on Jan 16, 2025. It is now read-only.

node: npm revision #34377

Closed
wants to merge 1 commit into from
Closed

node: npm revision #34377

wants to merge 1 commit into from

Conversation

DomT4
Copy link
Member

@DomT4 DomT4 commented Nov 21, 2014

This is the revision point previously discussed. Roughly every 4 new npm versions, or any major developments useful to Homebrew. This qualifies as both, particularly around the cache directory and handling intentional or unintentional use of sudo.

@DomT4
node: npm revision
36a42c9 
This is the revision point previously discussed. Roughly every 4 new
npm versions, or any major developments useful to Homebrew. This
qualifies as both, particularly around the cache directory and handling
intentional or unintentional use of sudo.
@MikeMcQuaid
Copy link
Member

This qualifies as both, particularly around the cache directory and handling intentional or unintentional use of sudo.

Can you elaborate a bit on this? I'm still debating if I want to force everyone to reinstall here.

@DomT4
Copy link
Member Author

DomT4 commented Nov 22, 2014

Sure. I was just about to nip out for a chunk of the evening and just hastily bashed in a quick description there. 'Twas lazy of me, I apologise 😀.

In essence, npm has historically been a little unforgiving of people mixing and matching between sudo and non-sudo usage, particularly around the issues of local npm install foo installations rather than global (i.e. into ~/ rather than /usr/local/lib).

So in many situations, and it's something we see here in Homebrew with a lot of the npm issues reported installing something locally as root when you install globally as non-root can bork those directories' permissions. npm's developers don't actually recommend sudo as the path to go down but it is habitual for people to get frustrated with something and try to force it with sudo anyhow.

One of the bigger problems with sudo and npm which was fixed in this commit in the latest stable release of npm, is that using sudo to npm install something, if that something is pulled from a .git, poisons npm's internal cache directory to expect sudo and start running into permission failures without it. This is something we've seen a couple of times in Homebrew, to my knowledge. Really, what we should tell end users in our caveats is to never, ever use sudo for npm, but that doesn't get around people's desire to make things work, often by the force of root. We see enough people trying to force brew things with sudo despite Homebrew's very vocal desire to never use sudo to prove that leaving notes in documentation doesn't override the basic desire to make things work locally at any cost, alas.

There is a history on this issue in this comment upstream, and @othiym23 may have some/many corrections to my points here - Naturally Forrest has an intimately better understanding of npm than I do 😉.

@DomT4 DomT4 deleted the node branch November 23, 2014 02:56
@Homebrew Homebrew locked and limited conversation to collaborators Feb 17, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DomT4 @MikeMcQuaid