NPM: Critical Linux filesystem permissions are being changed by latest version

> This issue has been happening ever since 5.7.0 was released a few hours ago. It seems to have completely broken my filesystem permissions and caused me to have to manually fix the permissions of critical files and folders.

> By using sudo npm on a non-root user (root users do not have the same effect), filesystem permissions are being modified. For example, if I run sudo npm --help or sudo npm update -g, all commands starting with sudo npm cause my filesystem to change ownership of directories such as /etc, /usr, /boot, and other critical directories needed for running the system to the current user running the command.

github.com/npm/npm/issues/19883

JUST


>npm
>stability
pick one

>Linux is secure, I swear guise!

>muh special snowflake program needs special snowflake package manager

fucking hell

>npm
literally who?

>Javascript
Into the trash it goes

>sudo npm
why would you ever

>javascript
>sudo npm
AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA *breathes* HAHAHAHAHAHAHAHAHAHAHAHA

that's just (((jquery))) and (((npm))) being shit

Global packages

Had to google to find out wtf was this shit. Aaaand it's a Javascript tool. So it makes sense that the people who wrote it are absolute retards. Just like the people who can't write decent shit. Just the same braindead people who need Rust to write software that doesn't Nagasaki your computer.

Braindead. Fuck I need to trash this 8 bucks keyboard.

how the fuck can you use this piece of shit without sudo?

Linux is a kernel.

never had to use sudo with global packages

pip on the other hand...

>using package managers like pip or npm on linux
no, use your actual package manager, those are only useful on platforms like Windows that don't have their own package manager

NodeJS is actually useful, it enables webdevs to write backends for test or even production environments and with appjs it is even possible to port webapps to desktop

I hate that new trend. Every new language has to come with its own shitty package manager now.
And every fucking program pulls like thirty shitty microlibraries.

>it's useful because it lets people bring the disadvantages of the web to other areas, too!
is it not enough that the web is shit? why must we bring everything else down to its level?

the web isn't shit, also it's cutting costs by allowing your frontend devs to do the backend also

Digital Socialism: Everyone can code now.

Name something more gay and soylent than JS and NPM

>allowing your frontend devs to do the backend
is that really what you want?

> cutting costs by mixing roles

Common mistake with expensive price

yes, money is where it's at
how come? node works fine

Ruby

it's like getting the people who design lego kits to also handle the lego piece manufacturing equipment

>sudo npm on a non-root user
What the fuck is with this wording. That IS running NPM as root user regardless.

Security doesn't include resisting the properly logged in administrative root account.

>That IS running NPM as root user regardless.
Well technically but not really. Using sudo will not transform your session into a new session, it's not equivalent to a login.

That's not really what it does.

Sudo just executes commands with root privileges & it can filter out some of these commands, and some users from using it. But it still just executes commands with root privileges.

There isn't anything special beyond that going on. If you do sudo bash, it's exactly that you started bash as root. Yea, without going through the usual login procedures with PAM or such, you just bypassed that with sudo.

>Yea, without going through the usual login procedures with PAM or such, you just bypassed that with sudo.
this is exactly what i'm on about and that's why sudo is not a full login

It's running as full root user, without the USUAL login procedure. It's an alternative ... execution as root ... procedure.
You can also call it an alternative login method if you invoke any interactive thing like bash or such.

PS: The point is either way that the program you invoke then DOES run as root.

It's *not* running on a non-root user, that's merely who triggered it. It runs fully as root.

>what is pip --user

>there is only one GNU/Linux, made only one way and you can't modify it
>this is what retards actually believe

>alternative login method, will call all hooks

Any mention of non-root literally does not matter if you first escalated privileges of the running NPM to unrestricted root. It doesn't even matter if you technically didn't log in but designed an alternative CPU hardware that just hooks the kernel in that way

If you run things under unrestricted root, no shit they can do everything root can.

You got endless options of NOT giving users and random javascript off the internet actual main system sudo / su permissions but instead run their software under their user account or a specialized dicking-with-javascript account, in systemd-nspawn, containers, VMs and so on and so forth.

Use that. But don't be surprised if things that have root access actually do things only root should be able to do. Like edit in /root or /etc.

I wasn't the one arguing sudo npm is a great idea and that it's restrictive, of course that shit's retarded.

5.7 is a prerelease and you are an idiot if you're running that in production.

This. Language-specific package managers are cancer. The worst is cargo (for rust), which has features that can make distro packaging difficult/impossible for some libraries, and whose designers knew about this issue and just fucking ignored it.

Thank god for Nix, which manages to solve all the same problems as cargo/stack/pipenv/etc but in a relatively sane and consistent way.

It sounds like npm has some logic to figure out which user invoked `sudo npm`, and then does things on behalf of that user. Which is fucking absurd, but hey, this is npm we're talking about

I do very much like Scala's sbt, but the difference is that ultimately it is working with a (user account or global) cache directory and packages associated with each application.

It's well-isolated from causing effects ON the system indirectly. Very little can go wrong. And no need to run it as root.

Possibly, but even then I find it fucking absurd that you run it as root in an actual non-isolated manner. It'd be okay if it was a systemd-nspawn chroot/jail thing or in a VM or container, but then probably nobody would have really complained. It'd have been some not so important bug, to be fixed at some point.

But no, they had to go and run it as root. On their live host OS. Why the hell does a javascript management thing need to fudge around as root? It belongs to some user account or a web server at most.

I thought sudo was basically
su root, execute command and exit? How does it remember the original user?

Because that's not how sudo works at all. sudo escalates your privileges, sources your .bashrc and retains environment variables.

>Why the hell does a javascript management thing need to fudge around as root?
To install libraries or binaries into the global search paths.

This isn't all that unreasonable. Pip and Cabal likewise need root if you want to install a package system-wide. The weird part is that the NPM devs apparently think they need to chown some files back to the invoking user as part of this process, which makes me wonder just what the fuck they're trying to do.

>I thought sudo was basically su root, execute command and exit?
sudo is much more complicated than `su -c`.

>How does it remember the original user?
It sets an environment variable $SUDO_USER before running the command.
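The two posts above (how sudo lets a program know who invoked it, and what the npm chown step apparently does) as an added example, not npm's code and not a reconstruction of the actual bug: a tool run via sudo executes as root, but sudo exports SUDO_USER, SUDO_UID and SUDO_GID naming the invoking user, and a step that "hands ownership back" by walking parent directories without a bound ends up at /usr, /etc and friends. The chown commands are printed instead of executed so the script is safe to read and run; the bounded variant assumes the prefix has no trailing slash.

```shell
#!/bin/sh
# Added example, not npm's code. Models the pattern discussed in the thread:
# running as root via sudo, then chowning files back to the sudo invoker.
# chown is printed, never executed.

# Uid to hand files to: the sudo invoker when present, otherwise ourselves.
target_uid() {
    if [ -n "${SUDO_UID:-}" ]; then
        printf '%s\n' "$SUDO_UID"
    else
        id -u
    fi
}

# Dangerous pattern: from $1 walk up to / and emit a chown for every component.
# For /usr/lib/node_modules/foo this reaches /usr.
chown_parents_unbounded() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        printf 'chown %s %s\n' "$(target_uid)" "$p"
        p=$(dirname "$p")
    done
}

# Bounded version: $2 must lie strictly under prefix $1 (no trailing slash),
# and the walk stops at the prefix so nothing outside the tool's own tree
# is ever touched.
chown_parents_bounded() {
    prefix=$1
    p=$2
    case "$p" in
        "$prefix"/*) ;;
        *)
            printf 'refusing: %s is not under %s\n' "$p" "$prefix" >&2
            return 1
            ;;
    esac
    while [ "$p" != "$prefix" ]; do
        printf 'chown %s %s\n' "$(target_uid)" "$p"
        p=$(dirname "$p")
    done
}

# Demonstration when the file is run directly as chown_walk.sh.
if [ "${0##*/}" = "chown_walk.sh" ]; then
    echo '--- unbounded walk (the behaviour the thread describes) ---'
    chown_parents_unbounded /usr/lib/node_modules/foo
    echo '--- bounded walk ---'
    chown_parents_bounded /usr/lib/node_modules /usr/lib/node_modules/foo
    chown_parents_bounded /usr/lib/node_modules /etc/passwd || true
fi
```

Run it as `sudo sh chown_walk.sh` and the unbounded walk prints chowns to your own uid for /usr/lib/node_modules/foo, /usr/lib/node_modules, /usr/lib and /usr; the bounded walk prints only the one path inside the prefix and refuses /etc/passwd outright.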

Ok thanks. Guess I'm retarded

>To install libraries or binaries into the global search paths.
I find that unreasonable, but if you need to do this you just include the npm / pip / cabal user's own directories into that search path.

These tools do not need to be able to read/write to everything from raw block devices over /etc to every user's home and every path whatsoever. So they should not be able to. They just and only should manage their own scripts.
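The approach argued for in the post above, as an added example that is not npm's or pip's code: give the language package manager its own per-user tree and refuse to run it under sudo at all. npm does honour the NPM_CONFIG_PREFIX environment variable; the default directory ~/.npm-global and the wrapper name npm-nosudo.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not npm's code: a per-user install prefix plus a guard
# that refuses to run as root via sudo. The default prefix is an assumption.

# The per-user prefix the tool should install into.
user_prefix() {
    printf '%s\n' "${NPM_CONFIG_PREFIX:-$HOME/.npm-global}"
}

# Lines for a shell profile: point npm at the prefix and put its bin/ on PATH.
profile_lines() {
    prefix=$(user_prefix)
    printf 'export NPM_CONFIG_PREFIX=%s\n' "$prefix"
    printf 'export PATH=%s/bin:$PATH\n' "$prefix"
}

# Guard for a wrapper script: refuse to run as root when sudo was used.
# Takes the effective uid and SUDO_USER as arguments so it can be exercised
# without actually being root. Returns 0 when it is fine to proceed.
refuse_if_sudo_root() {
    euid=$1
    sudo_user=$2
    if [ "$euid" -eq 0 ] && [ -n "$sudo_user" ]; then
        printf 'refusing: running as root via sudo (invoked by %s)\n' "$sudo_user" >&2
        return 1
    fi
    return 0
}

# Create the prefix's bin/ and confirm the current user can write there,
# which is the whole point: no escalation is ever needed.
prefix_writable() {
    prefix=$1
    mkdir -p "$prefix/bin" 2>/dev/null && [ -w "$prefix/bin" ]
}

# Wrapper usage when the file is run directly as npm-nosudo.sh.
if [ "${0##*/}" = "npm-nosudo.sh" ]; then
    refuse_if_sudo_root "$(id -u)" "${SUDO_USER:-}" || exit 1
    prefix_writable "$(user_prefix)" || { echo "prefix not writable" >&2; exit 1; }
    profile_lines
fi
```

Append the two printed lines to your shell profile once; after that `npm install -g` writes only under the prefix and `sudo npm` is caught by the guard before it can touch anything.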

>working with jewescript
the ones affected deserve it.

twitter.com/izs/status/911105515798720513
twitter.com/izs
That's NPM CEO

> skin color clearly will affect the quality of presentations on JavaScript testing
One more for the "North American & crazy as fuck" fetish folder.

T H I S W A S T H E W O R K O F S J W S

C H E C K W H O R E L E A S E D 5 . 7

REEEEEEEEEEEEEEEEEEE

This is what FB is built with, Sup Forums.

Committed by a WOMAN

or someone who claims to be one

It's just too bad your bistro (and by that I mean every bistro) doesn't remotely have the manpower to package even the complete software, let alone all libraries. No, bistro package managers are the wrong strategies. In fact, I wish they'd focus on the most important packages and get them right, unlike, say, Plebian.

No, specialized ecosystem package managers are the right ideas, it's just that Node and Python memers are plain incompetent. As to be expected of script kiddies.

>use your actual package manager
So you end up relying on distro maintainers instead? Also, when some packages aren't in the repos and you have to use pip/npm/whatever the result is making a mess with some packages user/system managed by the language, some from the distro and some from both. The alternative is making your own packages which is unproductive. (My experience with apt, pacman, yum/dnf.)

>windows that don't have
Windows though has superior OneGet which allows you to use the languages' package manager from a unified front-end. You have to rely only on the developers themselves instead of NEETs pretending they know stuff better than the ones making them.

There is nothing wrong with pip. You can either use it for system or user installations and it allows independent versions of packages. Coupled with Python's virtual environment module you can work better than with most distro package managers.

>There is nothing wrong with pip.
I vaguely remember them having similar problems node had. That said, I'm not sure this was about pip.