TL;DR: How lazy can you be? This post should take you 5 minutes to read... :-P
npm is out of Debian testing.
This means that the hell that is
node code handling is now even harder.
node's installation instructions
is a bloody video from which you can't copy and paste the commands (how useful),
and as far as I can tell, it's the official way to install
If you already have a good version of
node provided by your trusted
distribution, you most probably will cringe on the idea of installing a third
party package like this, and probably you don't think containers are the
solution, or you just want to install something locally so you can play with it.
If you look closer to the bottom of that page you'll find the "advances user's"
guide to install it yourself, but it's only a pattern URL to the distribution
with no further instructions. With a little bit of luck, the instructions will
be included. The pattern has a placeholder for the version you want (putatively,
the latest), but I can't find, for the life of me, references to which is the
In the GitHub project page you will find the
terrible, unluckily classic
curl https://site.com/unknown_script.sh | sh
command that downloads this script. The
script is in POSIX shell dialect, and has strange constructions:
node=`which node 2>&1` ret=$? if [ $ret -eq 0 ] && [ -x "$node" ]; then (exit 0)
To me, that
exit 0 in a subshell is the equivalent of a NOOP, so I wonder why
they decided to write the condition like that.
After checking the availability of a couple of tools (
curl), it uses the latter to download JSON from the registry, finding
there the actual version (currently
4.5.0, if you're interested). It downloads
the package, untars it, and executes:
"$node" cli.js rm npm -gf "$node" cli.js install -gf
The first removes any old installation. More on that in a minute. The
second, obviously, installs the new version. But the
-gf options (I hate short
options in scripts) are to be guessed, as no help is provided about them. Let's
--force, which means it will install somewhere in your
system and overwriting anything it finds. With the previous command it should
have deleted all the files (same options), so you're really nuking whatever was
Nowhere in the instructions so far says anything about
root, but obviously
this needs to be run as such. There's also
As of version 0.3, it is recommended to run npm as root. This allows npm to change the user identifier to the nobody user prior to running any package build or test commands.
So there's no way to make a local installation of
npm... is there? Well, not
user wide, only system wide (already explained) and project wide. Here's how to
do the latter:
$ wget https://registry.npmjs.org/npm/-/npm-4.5.0.tgz $ tar xvf npm-4.5.0.tgz # it's unpacked in a directory called 'package' $ /usr/bin/node package/cli.js install npm $ rm -rf package # clean up after you! $ ./node_modules/.bin/npm install carto
The third command uses the tarball's CLI interface to install the same version
'the right way'. To be honest, I had already used the old
npm version that used
to come with Debian to do exactly the same thing. Of course, this works as long
as newer version of
npm can still be installed with such an old version of the
same. Who knows when that's gonna break/be deprecated.
All in all, it's sad to see such an useful tool be dropped like that. I just hope someone can pick up the pieces.