You can't please everyone.

Don't try to be secure if it'll fail. If someone really wants to encourage this all the time, then they can do `npm config set unsafe-perm false` explicitly. In the npm 1.0 future, it will probably require sudo for global installing no matter what, and use this behavior for local installing. Since so many people have npm installing in their home dir, requiring sudo is causing more trouble than it's worth.
npm · Feb 19, 2011 · dae3259 · dae3259
1 parent 31e4478
commit dae3259
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/lib/utils/default-config.js b/lib/utils/default-config.js
@@ -50,6 +50,7 @@ module.exports =
                   || process.platform === "cygwin"
                   || !( process.getuid && process.setuid
                      && process.getgid && process.setgid )
+                  || process.getuid() !== 0
   , "update-dependents" : true
   , usage : false
   , user : "nobody"