9

Node and npm are both installed and up to date but keep getting this error when trying to install coffeescript. I am still new to programming so any advice would be greatly appreciated.

test-macbook:~ Test$ npm -v
1.1.0-3
test-macbook:~ Test$ node -v
v0.6.8
test-macbook:~ Test$ npm install -g coffee-script
npm http GET https://registry.npmjs.org/coffee-script
npm http 304 https://registry.npmjs.org/coffee-script
npm ERR! Could not create /usr/local/lib/node_modules/___coffee-script.npm
npm ERR! error installing coffee-script@1.2.0

npm ERR! Error: EACCES, permission denied '/usr/local/lib/node_modules/___coffee-script.npm'
npm ERR! 
npm ERR! Please try running this command again as root/Administrator.
npm ERR! 
npm ERR! System Darwin 11.2.0
npm ERR! command "node" "/usr/local/bin/npm" "install" "-g" "coffee-script"
npm ERR! cwd /Users/Dylan
npm ERR! node -v v0.6.8
npm ERR! npm -v 1.1.0-3
npm ERR! path /usr/local/lib/node_modules/___coffee-script.npm
npm ERR! code EACCES
npm ERR! message EACCES, permission denied '/usr/local/lib/node_modules/___coffee-script.npm'
npm ERR! errno {}
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /Users/Dylan/npm-debug.log
npm not ok
Anconia
  • 3,888
  • 6
  • 36
  • 65

3 Answers3

13

Following the advice of nmp author Isaac Z. Schlueter:

I strongly encourage you not to do package management with sudo!

Instead of sudo npm install ... you could instead change permissions on your /usr/local directory:

sudo chown -R $USER /usr/local

After doing this once, you should be able to npm install ... (without sudo).

Tim Schaub
  • 6,722
  • 1
  • 26
  • 17
  • you are absolutely right - this is the whole point of using package managers like npm or homebrew :) – bx2 Feb 10 '13 at 16:27
9

I realize this is an older thread, but I just ran across this and wanted to update the last answer.

Changing the owner of the entire /usr/local directory is a horrible answer to this question. There's no reason at all that you should do that.

If you look at the error message from npm, it's being denied write permissions on /usr/local/lib/node_modules/ I know that after installing node and npm on OS X Mavericks, its default owner is a non-existent user.

0 drwxr-xr-x   3 24561        wheel     102 Jan 23 14:17 node_modules

If you're just running node/npm on your local development machine, just change the owner of the node_modules folder to your user:

sudo chown -R yourusername /usr/local/lib/node_modules

Then you can install modules with npm without sudo and without changing the owner of /usr/lib from root, as it should be.

Chad Russell
  • 121
  • 1
  • 2
  • 2
    `sudo chown -R $USER /usr/local/lib/node_modules` avoids the problem of users accidentally entering the wrong username. – ThomasW Jan 07 '15 at 05:46
8

The error message is fairly clear:

npm ERR! Error: EACCES, permission denied '/usr/local/lib/node_modules/___coffee-script.npm'
npm ERR! 
npm ERR! Please try running this command again as root/Administrator.

You can't install it in /usr/local/lib/node_modules because you don't have the necessary permissions. Try using sudo:

dylan-hermans-macbook:~ sudo npm install -g coffee-script

The npm author recommends not using sudo because packages can run arbitrary commands so sudo npm install is dangerous. He suggests switching the ownership of /usr/local to your user. I think that's horribly advice that just gives you a false sense of security: if a package can run arbitrary commands then it can mess with your home directory (including all your personal data, executables, config and startup files, ...) regardless of sudo or who owns /usr/local so not using sudo really doesn't do much for you. If you don't trust a package then don't install it; if you don't trust a package then how can you even use it? The /usr/local tree is still a system directory tree and OSX is still a multi-user operating system.

IMO a much better solution is twofold:

  1. Don't install or use any packages that you don't trust. If you install it then you're trusting that code to be you (unless you're always going to run it in a jail of some sort but if you're going to those lengths you're probably better off writing the code yourself).
  2. Leave sudo and /usr/local alone and install it all inside your home directory. You'll be subject to most of the same dangers as using sudo or changing the /usr/local ownership but at least you won't be picking up bad habits.
mu is too short
  • 426,620
  • 70
  • 833
  • 800
  • 1
    Thank you! I was not aware the solution was so simple. I'll be sure to keep this in mind for similar problems that I encounter in the future. – Anconia Jan 27 '12 at 01:00
  • 1
    Please see the answer from Tim Schaub, below, for the proper way to handle this. – Aral Balkan Feb 11 '13 at 16:15
  • This is not a solution in any way, the solution is to give the user to access to '/usr/local' as @TimSchaub puts it correctly. – Avinash R Mar 07 '13 at 10:19
  • @AvinashR: If you don't like it, downvote it. I find the idea of `chown`ing `/usr/local` to be ridiculous and Isaac Schlueter's advice is quite frankly stupid: if you don't trust a package then why would you install it at all? If a package can run arbitrary scripts then it can do all sorts of fun things to your home directory. – mu is too short Mar 07 '13 at 18:15
  • actually Issac's [advice](http://howtonode.org/introduction-to-npm) is better than alternative of using `sudo`, why? [the lesser you run code in elevated privileges the better](http://en.wikipedia.org/wiki/Principle_of_least_privilege). The best way to kick off sudo from the command is to give the user access to the `/usr/local` (a.k.a `chown`) or to create a group that owns it (say _local-admin_) and add the user to the group.(which requires `sudo`, if I'm right) – Avinash R Mar 07 '13 at 18:58
  • BTW, @muistooshort I'm not telling this just by reading the wikipedia article I used above, you can see that other people are having same mentality [here](http://unix.stackexchange.com/a/21155) – Avinash R Mar 07 '13 at 19:02
  • 1
    @AvinashR: I think the best thing would be if installation came in two steps: one step builds things (which could be done by a super-low privilege user such as `nobody`), one step does the installation solely by copying files or executing a limited set of well defined commands each of which would require confirmation. So no scripts would be run by a privileged user during installation and only a small set of safe-ish things could be done with explicit permission. I still see `/usr/local` as part of the OS so it should be read-only for non-root users. – mu is too short Mar 07 '13 at 21:26
  • 2
    @muistooshort answer is right on target. Saying that chown of /usr/local is better than sudo in any way is disingenuous. With sudo you make explicit your intentions of elevating privileges, with chowning /usr/local you will be at the mercy of whatever packages you install. No one should ever own /usr or subdirectories except root suggesting otherwise breaks the unix security model. – rdodev May 03 '13 at 15:10
  • Option two looks like an excellent solution to this. What would the command look like to install into your home directory? – Matthew Walker Aug 26 '13 at 01:51
  • @MatthewWalker: I'm not sure off the top of my head, I used Cinderella and Brew to install everything and that sensibly puts everything in `~/Developer`. – mu is too short Aug 26 '13 at 02:05