How to Securely Install Node and NPM on Linux via NVM
In this lesson we're going to walk through how to install and configure node and the node package manager, also called NPM, on our Linux machine.

Now you may think that in order to install node you simply have to come here to the nodejs site and click download, and if you're on a Windows machine then you would be able to do that. But there are a few more steps with Linux, and that's what we are going to walk through in this guide.

Now if you go to the Ask Ubuntu forum and ask how to install the latest version of nodejs and npm, you will find an incredible flame war over what is the right way and the wrong way to install node on a Linux system. So this is not as simple as you may think. That is why it's very important to follow along, especially because, interestingly enough, the accepted answer, and by far the most popular one, is something that's quite dangerous from a security perspective.

What this individual said to do was to call curl, which is a command that you use whenever you want to pull in data from an outside url from the command line. They're saying to call curl with this url and then to run the result through bash with sudo.

Now if everything I just said sounds like a foreign language, don't worry, you don't need to know the ins and outs of everything right here. Just know that essentially what they're saying to do is to allow this url to have root access to your entire system. So even if the NodeSource site never did anything bad on purpose, imagine that it got hacked: if you ran this command, you could be giving those hackers access to your system.

And giving access to your virtual box is bad enough, but imagine that you follow these same steps when it's time for you to install node on one of your company's servers. That could lead to a number of security risks, so I really would not recommend doing this, and this is definitely not the way that we're going to do it. If you look down into the comments you'll even see comments like "curling into the shell is so wrong in so many ways", and this gentleman is perfectly accurate with that statement.

So instead we're going to use a tool called nvm, which stands for node version manager. This is going to give us a secure and stable way of working with node. The way that we can do this is to follow the installation instructions, and the first thing we're going to do is curl, but we're not going to give root access to bash. So even if this install script was a bad one, it is not going to be able to do anything with admin privileges, so this is a much more secure way of doing this. Oh, and before we do this we are also going to need to install curl, if your system did not come with it by default.

So in order to do that we just say sudo apt-get install curl and then give your sudo password, and this is going to go and install curl for you.

Now that we have that, come back and copy this entire command and then paste it directly into the terminal.

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
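
Dropping sudo keeps the script away from root, but it still runs unreviewed with your own user's permissions. As an added example (not part of the original guide or the nvm project), these shell functions save the same installer to disk, check it against a SHA-256 digest you recorded after reading the script, and only then run it unprivileged; the function names are hypothetical and the digest is a placeholder you supply.

```bash
#!/usr/bin/env bash
# Added example: save the installer, pin its digest, run it without root.
# URL is the one used in this guide; function names are hypothetical.
NVM_URL="https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh"

# Print the SHA-256 hex digest of a file (GNU sha256sum, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if the file exists and its digest equals the pinned value.
verify_installer() {
  [ -f "$1" ] || return 2
  [ "$(sha256_of "$1")" = "$2" ]
}

# Print numbered lines that deserve a close read before running the script:
# sudo or eval as a word, or a nested download piped straight into a shell.
review_hints() {
  grep -nE '(^|[^[:alnum:]_])(sudo|eval)([^[:alnum:]_]|$)|(curl|wget)[^|]*\|[[:space:]]*(ba)?sh' "$1"
}

# Download over HTTPS to a temp file, verify the pinned digest, then run the
# script as the current (non-root) user. Nothing executes on a mismatch.
install_pinned() {
  local url="$1" expected="$2" tmp rc
  [ "$(id -u)" -ne 0 ] || { echo "refusing to run as root" >&2; return 1; }
  tmp="$(mktemp)" || return 1
  if ! curl --fail --silent --show-error --proto '=https' -o "$tmp" "$url"; then
    rm -f "$tmp"; return 1
  fi
  if verify_installer "$tmp" "$expected"; then
    bash "$tmp"; rc=$?
  else
    echo "digest mismatch, not running $url" >&2; rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage, after reading the script once and recording its digest yourself:
#   install_pinned "$NVM_URL" "<sha256-you-recorded>"
```

Run review_hints on the saved file while you read it; an empty result is not proof the script is safe, it only means none of those patterns appear.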

Running that install command performs a few steps for us.

The very first thing that it's going to do is bring down nvm. If I type ls ~/.nvm, this isn't going to run a process, it's simply going to list out what's in this directory.

So nvm installed this directory on our system, and it's simply a set of scripts and tools that we can use to customize the node version manager if we want to, but we're not going to worry about that right now. The other thing that it did is configure our bash settings. The terminal we are working in right now is what is called the bash terminal, and if you're working in the bash terminal you need to have certain commands available. So if I want to type in nvm -v... Oh, and it looks like we need to restart, not our computer, just the terminal, because it didn't find it.

So if I want it to find it, I can click back on the terminal here and type nvm -v, and now it's working.

So I'm glad I ran into that error because it's interesting. I've installed nvm a number of times, and I'd say 90 out of 100 times it works with the first install, but occasionally you do have to restart the terminal. So if yours didn't work either, that's a way you can fix it. Now, in order for me to be able to type nvm -v, the system has to know about it. So Linux has to be aware of this nvm command.

The way that they did that is that when nvm was installed it updated our settings file, which you can find if you run vim ~/.bashrc. If you go all the way down to the bottom, which we can do by typing shift + G, you can see it added 3 lines of code with nvm in them, and that gives us access to, as you can see, this .nvm directory, the one we just looked at. It also adds some helpful shell commands, so that's how we're able to run all of our nvm code. Now remember, to get out of vim it is :qa, and now we can actually install node.

So let's come back to the instructions here and scroll down a little bit. It's been a while since I installed a new version of node, so I just want to verify that I have the right command. I'm pretty sure it's nvm install node, and there it is. So we're just going to type nvm install node and this should bring it down for us. For right now I'm just going to pass this by itself.

You can also install other versions of node, but because this is a fresh install this should bring down the latest version. It's going to go out and, as you can see, it's bringing in Node version 9.9, and it looks like everything there worked.

If I type node -v that works.

So that is telling us that we have access to node on our system and if I say npm we will see that this was brought in automatically. So npm -v and it has npm 5.6.

So when we installed node we also got npm just for free so that's helpful.

But let's not trust that this is working. Let's actually make NPM do something, which will be more fun. So let's come to this site, which I will put in the show notes. This is a react package, though it's really JavaScript: it's a system that I built out that will auto-generate react and JavaScript applications for you. So in order to test if NPM is working we can simply run the command npm i devcamp-js-builder, and if it is working then this is going to give us the ability to build javascript applications with just a couple clicks. If you're following along and you're not in a track that does anything with javascript, this is still just a good way of making sure that NPM and node are installed properly.

So type in npm i, add a -g flag to install it globally, and then enter. It looks like everything is working, it's going and installing it, and there, yes, it worked.

Now to triple check that it's working, type js-generate. If everything's working this should ask just one question: what project template would you like to generate?

We'll say just react-redux-router, and then what is a project name? It's my ReactTester, and so now I can change into this ReactTester directory here, and if I type ls you can see we have all of the various files.

So when we ran that generator everything worked, which means we have javascript properly installed, we have node, we have NPM, and they're all working flawlessly. So very nice: if you went through that, you now know how to work with the node version manager and how to securely get node and npm on your Linux machine.

Resources

npm