Correctness of "resolving EACCES Permissions errors when installing packages globally"


(Frans Flippo) #1

Can anyone comment on the correctness of https://docs.npmjs.com/resolving-eacces-permissions-errors-when-installing-packages-globally ?

The article seems to suggest you should install global packages in a specific user’s home directory. That seems contradictory to me and doesn’t fix the problems people have with globally installed packages, namely that permissions are not set correctly (see also https://github.com/npm/npm/issues/3849) and as a result they are not usable.

Configuring the global packages directory to not be something like /usr/lib/node_modules but instead a user’s home directory, as suggested by the “resolving EACCES Permissions” article only solves this problem for that particular user. However, a global package would need to be accessible by all users.

I’m also not clear on how the first “solution” (using a Node Version Manager to install NodeJS and npm - https://docs.npmjs.com/downloading-and-installing-node-js-and-npm#using-a-node-version-manager-to-install-node-js-and-npm) fixes this problem. According to the documentation there, using a Node Version Manager:

allow(s) you to install and switch between multiple versions of Node.js and npm on your system so you can test your applications on multiple versions of npm to ensure they work for users on different versions.

That seems like an entirely different issue.

I don’t come from a NodeJS or even a Javascript background, so I’m aware that you guys’ way of thinking might be a lot different from what I’m used to. So please help me understand :slight_smile:

However, if there is consensus that the article doesn’t provide a valid solution for the problem it says it solves (making sure that globally installed packages are readable and executable by all users on the machine), we can decide on a proper solution and open a PR to fix the documentation.

Thanks,
Frans


(Brian Thompson) #2

Hi Frans. Thanks for your input. It’s eye-opening to see a non-JS person’s take on npm :wink:.

The word “global” is a little misleading. In the npm community, when we say “global”, we mean that the package can be used in any project space, not used by any user.

Back in the day, it was a huge convenience to have them installed globally, but now that there are node version managers, it has become more of an unspoken best practice to manage all of a project’s dependencies locally, and manage all the tasks that you would usually need to run globally with local packages (namely with npm scripts in the package.json). This keeps your environments siloed, which leads to more flexibility, maintainability, and reusability.

A lot of the caveats you may discover with npm are mostly community-driven, and it’s ever-evolving.


(Kiera Manion-Fischer) #3

Hi Frans, thanks so much for sharing your perspective on this article. It’s one of the ones we’ve flagged for revision, but I’m not sure how soon we’ll be able to get to it. I’m tracking all the feedback we get on it internally. Using a Node version manager helps make sure that npm is initially installed with the correct user permissions, and as a bonus, it can help you switch between Node versions. Let me know if that answers your question, and if I can help you out further.


(Frans Flippo) #4

Thanks, Brian. How you explain global is also how I understood it. But some pages seem to have a different take on it, like this one:

https://nodejs.org/en/blog/npm/npm-1-0-global-vs-local-installation/ :

In general, the rule of thumb is:

  1. If you’re installing something that you want to use in your program, using require('whatever') , then install it locally, at the root of your project.
  2. If you’re installing something that you want to use in your shell , on the command line or something, install it globally, so that its binaries end up in your PATH environment variable.

Also, the way my package manager (yum on CentOS) installed npm, it configured the global packages to end up in /usr/lib/node_module which is definitely a system global location.

So there seems to be a lot of misunderstanding and misalignment on what global means, especially since the term generally means something else than what it apparently means in an npm context.

So perhaps this requires a whole review of all the npm documentation regarding local vs global, to make sure it’s clear and consistent?


(Brian Thompson) #5

Ah, I misunderstood the docs. As Kiera stated, it’s on the agenda. I agree with you that it needs to be looked at. Nice catch!


(Frans Flippo) #6

Sure. Let me know if I can help out somewhere.