I know it is now customary to paste (or pipe!) shell scripts from webpages into ones root shell. In the recent past we called this "getting rooted" it was not something you did intentionally.
Source: https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
This security model requires you to trust: curl, the Node project, the authors of nodesource.com, Google's ranking of nodesource.com, other people that might control nodesource.com, various cryptographic infrastructure between your computer and nodesource.com (TLS 1.0 anybody?), and most importantly, the immutability (resource integrity) of the resource at https://deb.nodesource.com/setup_8.x.
For important software, I am more used to trusting a distributor (Ubuntu) to review and validate these details for me.
Is there a better way to install npm for somebody that has more than a dog's level of understanding of computer security?
Here's what I did to install NodeJS 14 on Debian Bullseye:
/etc/apt/trusted.gpg.d/nodejs.ascecho "deb https://deb.nodesource.com/node_14.x $(lsb_release -c -s) main" to get the source entry. For me this was "deb https://deb.nodesource.com/node_14.x bullseye main"/etc/apt/sources.list.d/nodesource.listsudo apt updatesudo apt install nodejsnode -v