On Tue, Feb 13, 2018 at 10:23:09AM -0500, Kent Borg wrote:
> For work I need to mess with node.js, unfortunately.
> So I installed node.js:
>   apt-get install nodejs
> But I can't figure out how to install npm. When I search for installation
> instructions they all seem to want me to pipe a curl command into a sudo
> bash. Huh? That's scary as hell.
> Why is there no .deb for npm? What is so dangerous or otherwise skanky about
> npm that Debian 9 doesn't include it? Why should I let it have root
> privileges? It isn't as if Javascript has a great security reputation. And
> when they brag: "npm, is the largest ecosystem of open source libraries in
> the world", that doesn't make it sound very well vetted.
> -kb, the Kent who might have to fire up a VM to try to isolate this beast
> (if only VMs actually offered much isolation).

It's ridiculously complex.


It might be in the next stable release. It's not in the current
stable release. There are at least 30 more packages that have to 
be built and tested before npm can come in.

Best practice here: install your own npm into a directory
structure, be rigorous about how you call it, and distribute it
using your existing config management.

Discuss mailing list

Reply via email to