This is an important Public Service Announcement about an extremely hilarious problem with npm. But the bottom line is that you should NOT use npm v5.7.0 and probably shouldn’t use npm at all at this point.
- When npm 5.7.0 is run with
sudoas a non-root user, npm changes the ownership of critical directories like
- This behavior was not a bug, but appears to have been deliberate (?!).
- This behavior happens even if you run something as innocuous as
sudo npm --help; it’s not limited to, say, installing a package.
If you’re wondering why someone might use a pre-release version of npm, bear in mind that:
- 5.7.0 is a minor release, and in theory that means that there should be no major, backwards-incompatible changes.
- Although running
npm install -g npmwill correctly install version 5.6.0, running
npm upgrade -g npminstalls the pre-release version 5.7.0 for some reason.
I would suggest that you use yarn instead, but they had a similar (and equally
hilarious issue) where yarn just… overwrote