Hoping for some server/site maintence pointers

I’m running my ghost site on a DigitalOcean droplet and back up and update to the latest Ghost version fairly regularly. Everything is working fine, however, I’m not very command-line savvy and would appreciate some pointers on how to run more advanced server maintenance when necessary.

Updating Ghost CLI
When I last updated Ghost, I got a message saying ghost-cli needed to be updated, so I ran the suggested command sudo npm install -g ghost-cli@latest from within my Ghost instance, which gave me npm permission errors, so I exited and ran the command from root@my-site, which worked, but then I read in the ghost-cli docs that it needs to be installed with a “non-root user,” so I want to know if that’s a big mistake or just a noob error that won’t matter much? So far the site is still running fine.

Updating other things
I’m increasingly getting messages in my server about updating other things, such as (listing the versions I have):

  • Ubuntu 20.04.4 LTS
  • Node.js v16.15.0
  • npm 8.5.5

When I ran the npm command to upgrade the cli, I also got the following message:

8 vulnerabilities (4 moderate, 4 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

but running the audit fix command just gave me another error, This command requires an existing lockfile.

I’d appreciate any help with knowing whether this is all just negligible for now, or, if I need to update things, how and where I should go about doing that. Though I can generally follow along with the Ghost Documentation, sometimes I get confused about what commands I need to run at what level of my server: root@my-site > ghost-mgr@my-site > ghost-mgr@my-site:/var/www/ghost

Thanks!