Yes, npm installs to a node_modules/ subdirectory. GP is off the mark. It's possible that people mistakenly use sudo with npm because the syntax is reminiscent of apt. This is absolutely not necessary.
As of version 0.3, it is recommended to run npm as root.
This allows npm to change the user identifier to the nobody
user prior to running any package build or test commands. [1]
npm modules that are used from the command line are often installed with the -g, or global switch so they can be used anywhere. Yeoman [2], for example, is installed to /usr/lib/node_modules/yo/bin/yo and owned by nobody:users on my system. While it's reassuring that these files are chowned to nobody, I confess I don't understand npm enough to tell if running it as sudo will not give modules root access in other ways to my machine.
I've worked with node for a couple years. I've used npm hundreds of times, and I can count on one hand the number of times I've used it in combination with sudo (and all but one were a mistake).
~/dev $ ls /usr/local/lib/node_modules/
jsontool npm
Every time I've used npm with sudo I've received a big warning in red to not do that.
I only use -g when installing runnables, like less, jade etc. I try very hard to reduce the number of CLI apps that I install this way (I've written several build.js scripts that use less/jade/etc as a library instead of an application) because I don't trust the npm repository (no signing, no guarantees, etc).
Please avoid -g unless installing a CLI tool. You will only end up in version hell if you install globally, which is what node_modules was designed to avoid.
reedlaw|12 years ago
1. https://npmjs.org/doc/README.html
2. http://yeoman.io/
dmpk2k|12 years ago
I've worked with node for a couple years. I've used npm hundreds of times, and I can count on one hand the number of times I've used it in combination with sudo (and all but one were a mistake).
Every time I've used npm with sudo I've received a big warning in red to not do that.beatgammit|12 years ago
Please avoid -g unless installing a CLI tool. You will only end up in version hell if you install globally, which is what node_modules was designed to avoid.