View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us

How to Install Node.js on Ubuntu 22.04

Published by John Mueller
Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Create a Linode account to try this guide with a $ credit.
This credit will be applied to any valid services used during your first  days.

Developers use Node.js to perform many tasks. It’s used to install other applications, run server-side code, and execute JavaScript for user environments such as web applications. This guide shows you how to install Node.js on Ubuntu 22.04.

Before You Begin

  1. If you have not already done so, create a Linode account and Compute Instance. See our Getting Started with Linode and Creating a Compute Instance guides.

  2. Follow our Setting Up and Securing a Compute Instance guide to update your system. You may also wish to set the timezone, configure your hostname, create a limited user account, and harden SSH access.

Note
This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, see the Users and Groups guide.

Installing Node.js

There are a number of options to configure Ubuntu 22.04 for Node.js. These sections discuss the three most popular techniques.

Installing Node.js from the Default Repositories

The following steps show the simplest method to get the current Node.js implementation for Ubuntu 22.04 using the default repositories.

  1. Install Node.js:

    sudo apt install -y nodejs

  2. Once the install is complete, verify your Node.js installation:

    node -v

    This information is important, as you may need a different version of Node.js to perform a particular task.

  3. Optional: Enter the following command to install the Node Package Manager (NPM), which provides additional flexibility for Node.js management:

    sudo apt install -y npm
    Note
    Some scripts also rely on NPM to verify Node.js features or perform other tasks.

  4. Optional: Verify your NPM version:

    npm -v

Installing a Specific Version

A task may require a specific version of Node.js. The example steps below show how to install the most current Node.js version 16.x setup. However, the 16 in can be replaced with any other major supported version, including 19 (also current), 18 (also lts), or 14.

  1. Obtain the Node.js source:

    curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -

  2. Install the 16.x version of Node.js:

    sudo apt-get install -y nodejs
    Note
    This process also automatically installs NPM.

  3. Verify that the correct version of Node.js is installed:

    node -v

    The output should display v16.19.1 or above.

  4. Ensure that the most current version of NPM is installed:

    sudo npm install -g npm@latest

  5. Check the NPM version:

    npm -v

    The output should display version 9.5.1 or above.

Node.js for Developers

The Node Version Manager supports multiple versions of Node.js on a single system. This is so it can test scripts using multiple Node.js versions. You can find the procedure for working with NVM here.

Securing Node.js

Node.js provides a powerful scripting engine that could be misused by others. Installing Node.js without following best practices is an open invitation to hackers. This list provides basic steps you can use to make your instance of Node.js more secure:

  • Do not run Node.js as the root user: Assume that a hacker gains access to your system. Running code as the root user means the hacker has a valuable resource to break everything else down. Instead, run Node.js with only the rights needed for the specific application in question.

  • Use strong authentication: The first line of defense for your application is to ensure that the user is not a hacker. The best practice is to use a tool such as Okta or OAuth for authentication.

  • Use a reverse proxy: A reverse proxy is a specialized kind of web server that makes it possible to do things like limit the number of requests a Node.js application can receive. Basically, the reverse proxy receives the user request, vets it to ensure the request is valid, and only then passes it to the Node.js application.

  • Set package access levels: One of the reasons to install a package manager like NPM is to control who can access packages and how they do so. In fact, NPM comes with a wealth of commands.

  • Validate user inputs: Node.js is vulnerable to injection-based attacks, so it’s essential to verify that the user is sending data, and not an executable script.

  • Keep secrets secret: Storing sensitive information like database connection strings and API keys in code is a bad idea. Using a specially configured library like dotenv makes it possible to load and store environment variables in a secure manner.

  • Keep error messages generic: Error messages such as “Password Invalid” provide too much information. It tells the hacker that the name supplied was valid and reduces the amount of work the hacker must perform to gain access to the system. Use a message like “Invalid Input” instead. This conveys enough information for the user to make a correction without giving too much away.

  • Add HTTP response headers: An HTTP response header adds security that forces the user’s browser to take various actions. These include relying on strict transport security, displaying content in frames, and preventing Multipurpose Internet Mail Extensions (MIME) type from changing.

  • Maintain server-side logs and monitor them: Server-side logging ensures that administrators know what is going on with their servers. Keeping track of every transaction may seem like overkill, but it often surfaces patterns in transactions. These patterns can show if a hacker is interested in your site.

  • Check code using a security linter: A linter is an essential tool that helps improve code. A security linter specifically looks for security issues in code. A security linter helps locate the vast majority of security issues. There is no guarantee that a hacker won’t find another way in, so use the other methods in this list as well to secure your application.

Starting, Stopping, and Restarting Node.js on Ubuntu 22.04

Working with Node.js is easier when NPM is installed. Here are some useful commands to interact with installed packages:

  • npm ls: List the installed packages to determine if you need to install a package before you run it.

  • npm run-script: Starts the specified script.

  • npm start: Starts the specified package.

  • npm stop: Stops the specified package.

  • npm restart: Restarts the specified package.

NPM commands are the best way to manage scripts and packages and there are several to help do so.

Should a rogue process not work correctly with NPM or Node.js, there is a three-stop process to stop it:

  1. List all of the running node processes:

    sudo ps -ef | grep node

  2. Locate the node to be eliminated and obtain its process identifier (PID) from the second column of the following command’s output:

    ps -ef

  3. Stop the errant process:

    kill -9 <PID>
    Note

    The -9 is a kill signal (with -15 being the other common, less extreme, kill signal). A listing of the various kill commands can be obtained with:

    kill -l

Removing Node.js

To remove the current version of Node.js (and NPM, if installed), enter the following command:

sudo apt remove -y nodejs
Note

To remove only the current version of NPM, use the following command:

sudo apt remove -y npm

Conclusion

Node.js has a lot to offer in running server-side code. When paired with a package manager, it’s an unbeatable combination that makes the work of both administrators and developers easier. There are two main considerations for Node.js use. First, to obtain and install the correct version for a particular need. Second, to then secure the installation in order to keep hackers at bay.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on

Your Feedback Is Important

Let us know if this guide was helpful to you.

Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.
The Disqus commenting system for Linode Docs requires the acceptance of Functional Cookies, which allow us to analyze site usage so we can measure and improve performance. To view and create comments for this article, please update your Cookie Preferences on this website and refresh this web page. Please note: You must have JavaScript enabled in your browser.