NPM update problem/question after installing a node (renamed topic)

Well, I tried a couple of times to install it from the webpage. Failed. Timeout.

Tried from the CLI/Terminal:

pi@TimePi:~/.node-red $ npm install node-red-contrib-simpletime
npm WARN node-red-project@0.0.1 No repository field.
npm WARN node-red-project@0.0.1 No license field.

+ node-red-contrib-simpletime@2.4.0
added 1 package from 1 contributor and audited 878 packages in 766.776s
found 6 low severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details


   ╭───────────────────────────────────────────────────────────────╮
   │                                                               │
   │       New minor version of npm available! 6.4.1 → 6.7.0       │
   │   Changelog: https://github.com/npm/cli/releases/tag/v6.7.0   │
   │               Run npm install -g npm to update!               │
   │                                                               │
   ╰───────────────────────────────────────────────────────────────╯

pi@TimePi:~/.node-red $ 

Being the fool I am - and I know this has been said before to me but I don't understand why programs I run give me messages I should not action.

pi@TimePi:~/.node-red $ npm install -g npm
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/aproba
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/bluebird
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/cidr-regex
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/colors
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/cli-table3
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/figgy-pudding
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/genfun
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/get-stream
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/glob
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/graceful-fs
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/JSONStream
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/libnpmhook/node_modules/npm-registry-fetch
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/lru-cache
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/minizlib
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-packlist
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-client/node_modules/retry
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-client/node_modules/ssri
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-client
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/figgy-pudding
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/pump
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/cacache/node_modules/mississippi
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/smart-buffer
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/socks
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/socks-proxy-agent
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/ssri
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/cacache
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/make-fetch-happen
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/libnpmhook
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-profile
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/protoduck
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/rimraf
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/semver
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-pick-manifest
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/spdx-license-ids
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/ssri
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/cacache
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/string_decoder
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/tar/node_modules/yallist
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/tar
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/unique-filename
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/pacote
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/write-file-atomic
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/byte-size
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/chownr
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/ci-info
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/config-chain
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/is-cidr
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/libcipm
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-audit-report
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/opener
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/query-string
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/readable-stream
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/copy-concurrently/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/fs-write-stream-atomic/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/gauge/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/gentle-fs/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/libnpmhook/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-client/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/node_modules/cacache/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/tar/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/are-we-there-yet
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/concat-stream
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/duplexify
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/execa
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/flush-write-stream
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/from2
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/got
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/is-ci
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/move-concurrently
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/parallel-transform
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/run-queue
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/sha
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/stream-iterate
npm WARN checkPermissions Missing write access to /usr/lib/node_modules/npm/node_modules/through2
npm ERR! path /usr/lib/node_modules/npm/node_modules/aproba
npm ERR! code EACCES
npm ERR! errno -13
npm ERR! syscall access
npm ERR! Error: EACCES: permission denied, access '/usr/lib/node_modules/npm/node_modules/aproba'
npm ERR!  { Error: EACCES: permission denied, access '/usr/lib/node_modules/npm/node_modules/aproba'
npm ERR!   stack: 'Error: EACCES: permission denied, access \'/usr/lib/node_modules/npm/node_modules/aproba\'',
npm ERR!   errno: -13,
npm ERR!   code: 'EACCES',
npm ERR!   syscall: 'access',
npm ERR!   path: '/usr/lib/node_modules/npm/node_modules/aproba' }
npm ERR! 
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR! 
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator (though this is not recommended).

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/pi/.npm/_logs/2019-01-29T13_06_35_540Z-debug.log
pi@TimePi:~/.node-red $ 

See attached log file.
(problems with allowed attachment "type". Won't accept .log files)

The first log shows that the node was installed.
So given the title, what’s the issue?

If the issue is the permissions issue you had when you then tried to install npm, perhaps you could choose a more appropriate title?

The pi upgrade script is your friend, don’t update Node-RED, nodejs or npm outside of it. It’s not worth the hassle

You tried to install an update to npm globally. To do that on Linux requires root access so you need to prefix your command with sudo.

But I would simply ignore the message. You really don't need a minor version update to npm, it will work just fine. In the past, I've done npm updates and been left with issue. I prefer to keep the version of npm that comes with the version of nodejs installed.

Totally,

I am sure I have been down this before and I was told to NEVER use sudo to update NR nodes, etc.

I got the update script and prefixed it with sudo and did it that way.

A long time ago I had problems updating and Nick really drove it home to never use sudo.
The update script was not shown with sudo and so it doesn't need it.

He then went on to give me the commands to set the correct ownership of the files/directories.
I did that.

So, I deleted it from the update script.

Now, I am being told I have to use sudo.

Please. Which is it?

This is correct. But npm isn't a Node-RED node.

As already stated the best advice is to upgrade Node-RED, nodejs and npm using the script on the website. Use the manage palette option to install and upgrade nodes.
Then you never have to worry! :slight_smile:

TL:DR version is that you should always install things locally unless there is a compelling reason to do other wise. Installing locally does not require SUDO.

However, some things really need to be installed globally. When you install NodeJS, it is installed globally which is why you have to use sudo to install it. Installing NodeJS also installs some other tools - also globally so that they can be used by all users (who have permissions) on the system. npm is one of those tools.

While you don't personally install npm because the nodejs install does it for you - you could install it manually if you wanted to. In that case, you could install it locally but that would be a bit silly since you already have a global copy. So you would install it globally and would need to use sudo accordingly.

The annoying message that you showed us comes from npm itself, you are expected to understand that it is globally installed and therefore, to update it, you would need to use sudo.

Linux was invented by nerds for nerds! What can I say?

Summary

  • Install locally if possible - no sudo needed, limits security exposure
  • If needed by all users as a global command, install globally - sudo is needed

What could be simpler :thinking::crazy_face::nerd_face:

Ok, thanks.

I get that I should update nodes via the "manage palette" option.

I tried 3 times to install it that way and it just timed out.
(That is a RPI2 B)

Doing it from the CLI I can run the install script and it takes as long as it needs.

This way it does get installed, rather than 3 failed attempts to and it not install.

Is there any better options?

Now: Back to npm.
Again, ok, I shall leave it to "the system" to do t.
However, it slightly worries me that there were that many problems found and it hadn't updated itself by then.

Believe me it had been online long enough. (Say 8 hours)

Luckily it isn't that often fully online - as in complete internet access. Which is good as it reduces the risk of being attacked.

But when it is, I see it as dangerous that it is "that far behind" in updates.

Thoughts?

What makes you think npm will update itself?
What specific problems are there with npm that you think you need to update urgently.

I think that he means he will leave it for nodejs updates to deal with. Node always has a matching npm version.

Normally, I would absolutely agree with you. It is only that I've been bitten by an upgrade that causes me to hesitate. To be honest, npm seems to have improved greatly over the last couple of years - probably at least in part thanks to the competition from Yarn. So it is unlikely that you would get a problem like that any more. So if the message annoys you enough, by all means try running it - with SUDO of course.

I can't say that I've seen any serious security issues with npm recently though and anything really serious would undoubtedly be highlighted in the tech press and twitter since npm is such a core tool to so many people now.

In regard to installing nodes - you may wish to note that the next version of Node-RED exposes the npm install logs for node installations so you can see what is going on. Some npm installations can take a long time if they have binary components that have to be compiled - on the original Pi's, some can take hours to compile.

Thanks very much TotallyInformation.

Twitter? (Cringe) Sorry. That and bookface. Wouldn't touch them with a barge pole.

WRT installation of new nodes.
I'm probably giving the poor RPI too much to do.
The load is running at about 50-60% all the time.
(That's from my 10 second polling and gauge/history)

(All)
It isn't I want to complain/be difficult.

I am blind sided by things.
(Hoping I remember)
So NR is not sudo requiring. NPM is.
I shall try to ignore any warnings I see when installing a new node.
But (and I'm sorry for all the but's I put in the replies/posts) until I get familiar/happy with what I am seeing, I would prefer to err on the side of caution.

Things change and what is true now may not be in the future.
Without wanting to double check everything I do, I simply want to be confident I am not leaving anything exposed. If you get my meaning.

And again:
Appreciated for the help/replies.
Though it may sometimes seem I don't. I really do.
Without your (all of you) help, I would be "dead in the water".

The simpletime is really simple, you could use a function.

function pad(number) {
  if (number < 10) {
    return '0' + number;
  }
  return number;
}
    
const monthNames = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
const dayNames = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
var d = new Date();

msg.mydate = d.toDateString();
msg.myyear = d.getFullYear();
msg.mymonth = monthNames[d.getMonth()];
msg.mymonthn = pad(d.getMonth() + 1);
msg.mydom = d.getDate();
msg.myday = dayNames[d.getDay()];
msg.myhour = d.getHours();
msg.mytime = d.getHours()+':'+pad(d.getMinutes());
msg.mytimes = d.getHours()+':'+pad(d.getMinutes())+':'+pad(d.getSeconds());
msg.myminute = d.getMinutes();
msg.myminutes = pad(d.getMinutes())+':'+pad(d.getSeconds());
msg.mysecond = d.getSeconds();
msg.myepoch = d.getTime();
msg.myrawdate = d;
            
return msg;

Haha, well I agree about FB, I do have it because some friends use it to keep in touch but I never post on it myself. Twitter however is very useful for some things. Oddly, the cyber security community uses it extensively to keep in touch.

Well, that's a little high maybe but it is a plucky little thing and seems to just keep going as long as you don't let it overheat.

Correct. Just remember local (nodes, projects, etc) and global (system-wide, command-line commands).

Don't ignore them, get familiar with them :wink:

Yep, caution is good!

@Trying_to_learn if this thread is about npm issues rather than the Simpletime node, then perhaps (as already said above) it would make sense to go to the top of the thread, hit the :pencil2: icon, and give this thread more appropriate title.

Well, it started as me trying to install simpletime. But then from that the **** hit the fan.

I posted what happened from me doing that and this is where we are.

I think we had maybe better let things be as they are and I shall learn from what has been told to me and all should be good.

I didn't exactly set out to post an ambiguous thread.
(local time 23:24. I think it is time for some down time.)
But to be accommodating, I shall do that.

2 Likes