Posted: November 08, 2022

@SecFails

Photo Credit: @SecFails

.

Rootless node: Install node the safe way

.

The infamous /opt folder

Imagine it's Monday, and you're excited to start working on your new project. The first step is to set up your environment, so you turn to Google for guidance on how to install your node environment. However, what you find is a flood of tutorials suggesting that you install it in the infamous /opt folder.
After you finally manage to install node or npm, you realize that you can't use them without adding our possessive friend sudo on every call.
It's frustrating, isn't it?
You even tried using chown to change the ownership of the node folder, but it's a practice that's generally discouraged. Moreover, any changes you make are undone when you call npm with sudo again.

The reason behind this predicament lies in the fact that the /opt folder is system-owned. This convention of installing third-party software in the /opt folder comes from the FHS convention from 1994 and it's outdated. Softwares like IntelliJ and PyCharm, which are installed in the /opt folder by default, have root access to your files.

However, there is a newer and better alternative!

The .local folder

This convention was introduced in 2007 as part of the XDG Base Directory Specification. The .local folder is user-owned and specifically designed for user-specific files and applications. It even mirrors the root folder / structure, making it intuitive to navigate.

By installing your tools in the .local folder, you can avoid the permissions issues and security risks that come with installing in a system folder such as typosquatting and others.

Installation

The further instructions install node and npm within n version manager for best practice, every node version and it's packages will reside into the .local folder.

  1. First download the compressed node files from https://nodejs.org/en/download/
  2. Extract folder node-v16.16.0-linux-x64.tar.xz
tar -xf node-v16.16.0-linux-x64.tar.xz
  1. copy folder to .local (which is the folder where non-sudoer software are installed, like firefox for example)
cp -fR ~/Downloads/node-v16.16.0-linux-x64/* ~/.local/
  1. Remove files such as README.md, LICENSE and CHANGELOG.md files,
cd ~/.local/
rm README.md CHANGELOG.md LICENSE
  1. Make node binary discoverable by adding to binaries PATH into .bashrc 
# if you haven't previously done yet
echo PATH=\"\$HOME/.local/bin:\$PATH\" >> ${HOME}/.bashrc

# to reload .bashrc env into this terminal
source ~/.bashrc
  1. Make npm install the node modules into .local instead of /usr/local by updating the prefix variable
npm config set prefix ~/.local
  1. Install n (which now will be installed into .local folder)
	npm i -g n
	# Now n binary was installed into .local/bin folder
  1. Make n use .local instead by updating n_prefix variable
echo export N_PREFIX=\"\$HOME/.local\" >> ${HOME}/.bashrc
source ~/.bashrc # to reload .bashrc env into this terminal

Done, you won’t need to use sudo anymore for node
Now verify that indeed node, npm and n points to .local

> which node && which npm && which n
~/.local/bin/node
~/.local/bin/npm
~/.local/bin/n

> npm config get prefix
~/.local
© 2022 — Matheus Toazza TuraLegal Information