[reedlaw]

  As of version 0.3, it is recommended to run npm as root.
  This allows npm to change the user identifier to the nobody
  user prior to running any package build or test commands. [1]

npm modules that are used from the command line are often installed with the -g, or global switch so they can be used anywhere. Yeoman [2], for example, is installed to /usr/lib/node_modules/yo/bin/yo and owned by nobody:users on my system. While it's reassuring that these files are chowned to nobody, I confess I don't understand npm enough to tell if running it as sudo will not give modules root access in other ways to my machine.

1. https://npmjs.org/doc/README.html

2. http://yeoman.io/

[dmpk2k]

That's odd.

I've worked with node for a couple years. I've used npm hundreds of times, and I can count on one hand the number of times I've used it in combination with sudo (and all but one were a mistake).

  ~/dev $  ls /usr/local/lib/node_modules/
  jsontool npm

Every time I've used npm with sudo I've received a big warning in red to not do that.

[reedlaw]

Which version are you using? And do you install packages globally using the -g switch?

[dmpk2k]

Currently 1.2.11. As you can see above, I've only ever installed one package globally (jsontool).

[beatgammit]

I only use -g when installing runnables, like less, jade etc. I try very hard to reduce the number of CLI apps that I install this way (I've written several build.js scripts that use less/jade/etc as a library instead of an application) because I don't trust the npm repository (no signing, no guarantees, etc).

Please avoid -g unless installing a CLI tool. You will only end up in version hell if you install globally, which is what node_modules was designed to avoid.