These are valid concerns, I’m not sure why you’re being downvoted given there have been several instances of viruses being distributed over npm, pip, and other package managers. There’s no way to stay 100% safe, but if you’re unsure about a package you can always go to https://npmjs.com and view the source code, downloads, and reported issues there Answer from kkingsbe on reddit.com
npm
docs.npmjs.com › downloading-and-installing-node-js-and-npm
Downloading and installing Node.js and npm | npm Docs
To publish and install packages to and from the public npm registry or a private npm registry, you must install Node.js and the npm command line interface using either a Node version manager or a Node installer. We strongly recommend using a Node version manager like nvm to install Node.js and npm.
Node.js
nodejs.org › en › download
Node.js — Download Node.js®
with npm · InfoWant new features sooner? Get the latest Node.js version instead and try the latest improvements! BashCopy to clipboard and their installation scripts are not maintained by the Node.js project. If you encounter any issues please visit 's website ·
When I follow tutorials that tell me to run "npm install X", should I download the module, scan it for viruses, before doing the "install"?
These are valid concerns, I’m not sure why you’re being downvoted given there have been several instances of viruses being distributed over npm, pip, and other package managers. There’s no way to stay 100% safe, but if you’re unsure about a package you can always go to https://npmjs.com and view the source code, downloads, and reported issues there More on reddit.com
37
42
January 14, 2025Linux: Best way to install node & npm
my preferred options. firstly, do not install from apt, it gets too old of versions instead, go to https://github.com/nodesource/distributions#debian-and-ubuntu-based-distributions which gives you a new apt repository, and then you can install from apt or, just use nvm ( https://github.com/nvm-sh/nvm ) or fnm ( https://github.com/Schniz/fnm ). fnm is nice because it does not lag shell startup as much as nvm. these latter two options may be better for dev than production, just since it is mostly installed to your local environment More on reddit.com
13
1
December 8, 2022node.js - How to npm install to a specified directory? - Stack Overflow
Is it possible to specify a target directory when running npm install ? More on stackoverflow.com
npm install stuck on idealtree builddeps
Okay cool, so I found a solution that worked for me - though the steps above are what I recommend to try out first because those are common issues as well: On MacOS (M1 and M2 chip) switching the IPV6 from Automatically to Link-local only fixed a very similar issue. When I tried adding registry.npmjs.org, npm was similarly getting "stuck". To apply this setting go to System Preferences >> Network >> press Advanced >> TCP/IP tab >> on Configure IPv6 select Link-local only and apply After applying this change, set the registry again and clear the cache again to be sure More on reddit.com
23
28
November 19, 2022How to install npm in terminal?
To install npm, open terminal,sudo apt install nodejs //to install Nodejs,node -v or node –version //to verify installation of Node.js,sudo apt install npm //to install npm,npm -v or npm –version //to verify installation of npm
radixweb.com
radixweb.com › blog › installing-npm-and-nodejs-on-windows-and-mac
How to Install NPM and Node.js on Windows and Mac Devices?
Does npm install work on Windows?
Yes, npm install works on the Windows system as well.
radixweb.com
radixweb.com › blog › installing-npm-and-nodejs-on-windows-and-mac
How to Install NPM and Node.js on Windows and Mac Devices?
How to install npm in VS Code?
To install npm in VS Code:Ctrl+P and write ext install npm script runner,Restart VS Code,You can run npm commands directly in terminal (ctrl + `). Make sure that terminal has cmd.exe as the shell selected.You can default cmd.exe as your shell by following these steps.Ctrl+Shift+p,Type > Select Default Shell + Enter,Select > Command Prompt ...cmd.exe,Restart VS Code
radixweb.com
radixweb.com › blog › installing-npm-and-nodejs-on-windows-and-mac
How to Install NPM and Node.js on Windows and Mac Devices?
Videos
03:54
How to Install NodeJS and NPM in 2024 - YouTube
15:32
npm for absolute beginners - YouTube
09:04
How to Install Node.JS and NPM on Windows | How to Install NPM ...
03:54
How to Install NodeJS and NPM in 2024
02:54
How to Install Node.js on Window 11 (2025) - YouTube
npm
docs.npmjs.com › cli › v8 › commands › npm-install
npm-install | npm Docs
This command installs a package and any packages that it depends on. If the package has a package-lock, or an npm shrinkwrap file, or a yarn lock file, the installation of dependencies will be driven by that, respecting the following order of precedence:
Ramotion
ramotion.com › blog › how-to-install-npm
A Step-by-Step Guide to Install NPM for Beginners | Ramotion Agency
July 10, 2025 - Complete fuide how to install NPM is here. Learn to install npm, the Node Package Manager, on Windows, macOS, and Linux.
GitHub
gist.github.com › thejmazz › 72456e3f29cf0bf56d4a
Install Node and npm on Linux/OS X/Windows w/o sudo · GitHub
The simplest option is ~/node. If you want to keep your home folder clean, you can install node to /usr/local/node. Then you will have to sudo chown `whoami` /usr/local/node. If you are on a server and want to give different users the same global node and npm packages,
n8n
docs.n8n.io › hosting › installation › npm
npm | n8n Docs
npm is a quick way to get started with n8n on your local machine. You must have Node.js installed.
Snyk
snyk.io › articles › npm-security-best-practices-shai-hulud-attack
NPM Security Best Practices: How to Protect Your Packages After the 2025 Shai Hulud Attack | Snyk
2 weeks ago - This cheat sheet takes those lessons and turns them into a concrete set of practices that you can apply today: configuring safe‑by‑default package manager settings, hardening against supply chain attacks, enforcing deterministic and secure dependency resolution, wiring in continuous vulnerability and package‑health checks, and mapping each of these controls to npm, pnpm, Bun, and the rest of your toolchain. The goal is not to react to Shai‑Hulud specifically, but to make your day‑to‑day npm usage resilient against the class of attacks it represents. ... Your goal is to stop arbitrary code from running during install.
Kinsta®
kinsta.com › home › resource center › blog › node.js › how to install node.js and npm on windows, macos, and linux
How to install Node.js and npm on Windows, macOS, and Linux
May 31, 2024 - Learn how to install Node.js and npm on your Windows, macOS, or Linux operating systems with the most straightforward step-by-step guideline.
Radixweb
radixweb.com › blog › installing-npm-and-nodejs-on-windows-and-mac
How to Install NPM and Node.js on Windows and Mac Devices?
September 17, 2025 - Learn what is NPM, how to install Node.js and NPM on Mac and Windows, Node.js installation with Homebrew and NVM and few points to consider while installing Node.js and NPM.
Reddit
reddit.com › r/node › when i follow tutorials that tell me to run "npm install x", should i download the module, scan it for viruses, before doing the "install"?
r/node on Reddit: When I follow tutorials that tell me to run "npm install X", should I download the module, scan it for viruses, before doing the "install"?
January 14, 2025 -
I see many tutorials online that just say run "npm install X" nonchalantly. In the past, websites used to add safety remarks such as "only download programs from websites you trust!" and "always keep your virus scanner up to date!".
But telling people to just do "npm install X" without warning them to practice safety seems to reject the safety of yesteryear.
I'm not worried about modules installing malicious code just as crypto miners on the server. I'm only worried about it installing it on my computer!
Top answer 1 of 11
50
These are valid concerns, I’m not sure why you’re being downvoted given there have been several instances of viruses being distributed over npm, pip, and other package managers. There’s no way to stay 100% safe, but if you’re unsure about a package you can always go to https://npmjs.com and view the source code, downloads, and reported issues there
2 of 11
33
You're right, it is insecure as hell. But it's also fast, cheap, and the responsibility for security is nobody's. Welcome to open-source-based software development in 2025! If you think it shouldn't be like this, then this is for you: https://github.com/LavaMoat/LavaMoat
Node.js
nodejs.org › en › learn › getting-started › an-introduction-to-the-npm-package-manager
Node.js — An introduction to the npm package manager
You can also install a specific package by running ... Furthermore, since npm 5, this command adds <package-name> to the package.json file dependencies.
Microsoft Learn
learn.microsoft.com › en-us › visualstudio › javascript › npm-package-management
Manage npm packages for Node.js and ASP.NET Core projects - Visual Studio (Windows) | Microsoft Learn
If you have multiple projects in your solution specify the name or the path of the project in brackets. .npm [MyProjectNameOrPath] install [email protected] ... If your project doesn't contain a package.json file, use .npm init -y to create a new package.json file with default entries.
npm
npmjs.com
npm | Home
Get started today for free, or step up to npm Pro to enjoy a premium JavaScript development experience, with features like private packages.
Express.js
expressjs.com › en › starter › installing.html
Installing Express
Learn how to install Express.js in your Node.js environment, including setting up your project directory and managing dependencies with npm.
Reddit
reddit.com › r/node › linux: best way to install node & npm
r/node on Reddit: Linux: Best way to install node & npm
December 8, 2022 -
Should I dow load the tarball file from the nodejs website and install it manually or should I use the package in the debian package repo?
How would one install the tarball version and update nodejs and npm to a newer version manually?
Top answer 1 of 5
4
my preferred options. firstly, do not install from apt, it gets too old of versions instead, go to https://github.com/nodesource/distributions#debian-and-ubuntu-based-distributions which gives you a new apt repository, and then you can install from apt or, just use nvm ( https://github.com/nvm-sh/nvm ) or fnm ( https://github.com/Schniz/fnm ). fnm is nice because it does not lag shell startup as much as nvm. these latter two options may be better for dev than production, just since it is mostly installed to your local environment
2 of 5
4
asdf can install and manage not only Node, but most any other language runtime or related tool. Even if you're using only Node now, you never know. We have several languages used at our company and having asdf is really great as it will handle all of it via plugins.
Top answer 1 of 6
475
You can use the --prefix option:
mkdir -p ./install/here/node_modules
npm install --prefix ./install/here <package>
The package(s) will then be installed in ./install/here/node_modules. The mkdir is needed since npm might otherwise choose an already existing node_modules directory higher up in the hierarchy. (See npm documentation on folders.)
2 of 6
86
As of npm version 3.8.6, you can use
npm install --prefix ./install/here <package>
to install in the specified directory. NPM automatically creates node_modules folder even when a node_modules directory already exists in the higher up hierarchy.
You can also have a package.json in the current directory and then install it in the specified directory using --prefix option:
npm install --prefix ./install/here
As of npm 6.0.0, you can use
npm install --prefix ./install/here ./
to install the package.json in current directory to "./install/here" directory. There is one thing that I have noticed on Mac that it creates a symlink to parent folder inside the node_modules directory. But, it still works.
NOTE: NPM honours the path that you've specified through the --prefix option. It resolves as per npm documentation on folders, only when npm install is used without the --prefix option.
Top answer 1 of 16
269
Fresh installation
Use the NodeSource PPA. For details look at the installation instructions. First, choose the Node.js version you need and add the sources for it:
v=8 # set to 4, 5, 6, ... as needed
curl -sL https://deb.nodesource.com/setup_$v.x | sudo -E bash -
Then install the Node.js package.
sudo apt-get install -y nodejs
P.S.: curl package must be installed on server for these code lines.
Upgrading
If you have nodejs already installed and want to update, then first remove current instalation and install it again using scripts above.
sudo apt-get purge nodejs npm
2 of 16
180
Generally speaking, loading arbitrary data from a URL into a root shell session is not a good idea and I wish people would stop peddling it as a solution for everything - "Please just run this script I'm sending you, and also while we're at it - I have a bridge you'd probably be interested in purchasing".
As an alternative, here's the "Ubuntu Way" of doing the same, where you can see how the system is being updated and know what repositories and what keys are added to your system configuration:
curl https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo apt-key add -
sudo apt-add-repository "deb https://deb.nodesource.com/node_7.x $(lsb_release -sc) main"
sudo apt-get update
sudo apt-get install nodejs
And here's the "post deprecation of apt-key way" of doing the same thing:
curl https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/nodesource.gpg
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_7.x $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/nodejs.list
sudo apt update
sudo apt install nodejs
This is for the latest (at time of writing) Nodejs version 7. Other versions can also be gotten with a simple change to the repo URL - consult nodesource.com documentation for details.
Microsoft Learn
learn.microsoft.com › en-us › windows › dev-environment › javascript › nodejs-on-windows
Set up Node.js on native Windows | Microsoft Learn
Node Version Manager, more commonly called nvm, is the most popular way to install multiple versions of Node.js, but is only available for Mac/Linux and not supported on Windows. Instead, we recommend installing nvm-windows and then using it to install Node.js and Node Package Manager (npm).