Two others touched on the sudo part but the global flag is as bad. So they have a gulp file that works with gulp "v1". Gitter goes bust (inactive), next year gulp is bumped to "v2", you want to try out gitter, gulp fails, you have to dig into why. Another scenario is when another project asks you to do the same, install gulp globally, but it actually means gulp "v0". Now you can't run two projects side by side.
Global deps should be versioned, the same way you do not see a respectable npm module with "*" semver in its package.json.
Seeing things like this in 2017 from something like gitter! now owned by gitlab! is just a big red warning "amateur work, please look away".
How can you have a Makefile, a Makefile! and still require gulp, and still require people to run "npm install"? How? Where's the bare minimum logic?
As Gitter was originally built as closed source with a team of people working exclusively on Gitter, this has never really been a problem for us.
This is very much v1 of the setup/instructions and we would be delighted to improve them with any MRs or contributions. We'll certainly improve them ourselves over time as we get more people in less controlled environments adopting the project.
Running any npm module install script through sudo is a bad idea unless you are very sure of exactly what will be installed and how. There's a reason why distribution packages are generally signed and package managers require packages match repo sigs.
It's not really that bad, unless you install it with sudo. The need to have gulp installed globally is unnecessary. They could just add it as a normal dependency and put the specific gulp command in the scripts section of their package.json. It wouldn't require the user to do anything extra.
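
An added example, not part of the thread and not Gitter's code: a small Node.js check that flags the two problems discussed above, dependency ranges such as "*" that accept any version, and tools called from the `scripts` section that are not declared as dependencies and so must come from a global install. The manifest, its package names and versions, and the function name `auditManifest` are constructed for illustration.

```javascript
// Audit a package.json object for unbounded ranges and for script tools that
// are not declared locally (and therefore rely on a global install).
// SAMPLE_MANIFEST is constructed for this example; it is not Gitter's package.json.
const SAMPLE_MANIFEST = {
  name: "example-app",
  scripts: {
    build: "gulp build",
    test: "mocha test/ && eslint .",
    start: "node server.js",
  },
  dependencies: { express: "*", lodash: "^4.17.4" },
  devDependencies: { mocha: "3.2.0" },
};

// Ranges that accept any published version, including future majors.
const UNBOUNDED = new Set(["", "*", "x", "X", "latest"]);

// Commands provided by Node/npm or the shell; they need no declaration.
const BUILTIN = new Set(["node", "npm", "npx", "echo", "cd", "rm", "cp", "mkdir"]);

function auditManifest(manifest) {
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const declaredNames = new Set(Object.keys(declared));

  const unbounded = Object.entries(declared)
    .filter(([, range]) => UNBOUNDED.has(String(range).trim()))
    .map(([name]) => name)
    .sort();

  // Take the first word of each command, splitting lines on &&, ||, ; and |.
  // Simplification: assumes the binary name equals the package name
  // (true for gulp, mocha and eslint; not for every package).
  const undeclared = new Set();
  for (const line of Object.values(manifest.scripts || {})) {
    for (const cmd of line.split(/&&|\|\||;|\|/)) {
      const tool = cmd.trim().split(/\s+/)[0];
      if (tool && !BUILTIN.has(tool) && !declaredNames.has(tool)) undeclared.add(tool);
    }
  }
  return { unbounded, undeclaredTools: [...undeclared].sort() };
}

console.log(auditManifest(SAMPLE_MANIFEST));
```

Once gulp is listed under `devDependencies` with a fixed version, `npm run build` resolves it from `node_modules/.bin`, so no global or sudo install is involved.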