BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] node.js and npm on Debian?
- Subject: [Discuss] node.js and npm on Debian?
- From: dsr at randomstring.org (Dan Ritter)
- Date: Tue, 13 Feb 2018 14:06:41 -0500
- In-reply-to: <79192ce06b0d6a486bee904a328aafb8.squirrel@swarm00.ci.net>
- References: <mailman.5.1518541203.12900.discuss@blu.org> <79192ce06b0d6a486bee904a328aafb8.squirrel@swarm00.ci.net>
On Tue, Feb 13, 2018 at 10:51:41AM -0800, Rich Braun wrote: > Kent Borg <kentborg at borg.org> asks: > > But I can't figure out how to install npm. When I search for > > installation instructions they all seem to want me to pipe a curl > > command into a sudo bash. Huh? That's scary as hell. > > Let others do the installation for you: my go-to technology for this is > Docker. First get docker installed > (https://docs.docker.com/install/linux/docker-ce/debian/). Then look for the > official containerized release of node here: > https://hub.docker.com/r/library/node/. Choose which versions of Node and > Debian that you want (look among the available tags); example 8.9.4 on > stretch. To run it, really all you need to type is this: > > docker run -d --name nodejs node:latest sleep 7d > docker exec -it nodejs bash > > You'll be at a shell prompt that includes Node.JS and npm. You can use the > "--volume" parameter to map a working directory into the container and to map > the modules you decide to install (/usr/local/lib/node_modules/npm), enabling > you to edit files on your host and work with them at the container's bash > prompt. Docker's drop-dead simple to learn, and it solves so many of these > installation headaches. And transfers those headaches to your security and ops teams. There's a new RCE vulnerability against node-sprintf version 1.1.0. Where is it running? Is it safe to keep running your containers until the weekend, or do you need to replace some today? You've got a display inconsistency in floating point representation. Which of your deployed containers has it? What libraries were they using? If it's a one-line fix, can you insert the patched library on every container or do you need to rebuild every container? Your QA team tested version 10.4.2, but node:latest is pulling in 10.4.2a since some point after your got it tested but before you deployed. Does your deployment process guarantee the version number that you tested is the version you deployed? All of those problems are solved by configuration management and deployment systems, and containers at best obfuscate them. -dsr-
- Follow-Ups:
- [Discuss] node.js and npm on Debian?
- From: richb at pioneer.ci.net (Rich Braun)
- [Discuss] node.js and npm on Debian?
- From: smallm at sdf.org (Mike Small)
- [Discuss] node.js and npm on Debian?
- References:
- [Discuss] node.js and npm on Debian?
- From: richb at pioneer.ci.net (Rich Braun)
- [Discuss] node.js and npm on Debian?
- Prev by Date: [Discuss] node.js and npm on Debian?
- Next by Date: [Discuss] node.js and npm on Debian?
- Previous by thread: [Discuss] node.js and npm on Debian?
- Next by thread: [Discuss] node.js and npm on Debian?
- Index(es):