Fix nodemon.ps1 Execution Policy Error on Windows

Problem

When trying to use nodemon on Windows PowerShell, you may encounter this error:

nodemon.ps1 cannot be loaded because running scripts is disabled on this system

This occurs because Windows has a security feature called Execution Policy that restricts PowerShell script execution by default.

Overview of PowerShell Execution Policies

Execution policies are security measures that determine which PowerShell scripts can run on your system. The main policies include:

• Restricted: No scripts allowed (Windows default)
• RemoteSigned: Local scripts run, remote scripts need digital signatures
• Unrestricted: All scripts allowed with warnings for remote scripts
• Bypass: No restrictions and no warnings

WARNING

While Set-ExecutionPolicy Unrestricted works, it's not recommended as it reduces security significantly.

Recommended Solution: Use RemoteSigned Policy

The optimal solution balances security and functionality:

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

Step-by-step Implementation

1. Open PowerShell as Administrator:

   • Right-click Start menu
   • Select "Windows PowerShell (Admin)"

2. Check current execution policy:

   Get-ExecutionPolicy
   Get-ExecutionPolicy -List

3. Apply the secure policy:

   Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

4. Confirm the change:

   Get-ExecutionPolicy

TIP

The -Scope CurrentUser parameter ensures the policy change only affects your account, not the entire system.

Why RemoteSigned is Secure

• Local scripts: Can run without signatures (your own nodemon installation)
• Remote scripts: Require digital signatures from trusted publishers
• Microsoft's recommendation: This is the default for Windows Server

According to Microsoft documentation:

"The execution policy isn't a security system that restricts user actions. For example, users can easily bypass a policy by typing the script contents at the command line when they cannot run a script. Instead, the execution policy helps users to set basic rules and prevents them from violating them unintentionally."

Alternative Solutions

Method 1: Run nodemon through npm scripts

Add to your package.json:

{
  "scripts": {
    "start": "node server/app.js",
    "dev": "nodemon server/app.js"
  }
}

Run with:

npm run dev

Method 2: Windows Settings Approach

1. Open Settings → Update & Security → For Developers
2. Enable "Change execution policy to allow local PowerShell scripts to run without signing"

Method 3: File Deletion (Not Recommended)

Locate and delete the .ps1 file causing the issue:

# Typically located at:
C:\Users\[YourUsername]\AppData\Roaming\npm\nodemon.ps1

DANGER

Deleting the nodemon.ps1 file may cause npm package management issues and is not a permanent solution.

Verification and Troubleshooting

After applying the recommended solution, verify nodemon works:

nodemon -v

If you encounter issues:

1. Restart PowerShell after policy changes
2. Check multiple scopes:

   Get-ExecutionPolicy -List

3. Reset if needed:

   Set-ExecutionPolicy Restricted -Scope CurrentUser

Best Practices

1. Always use the most restrictive execution policy that allows your work
2. Prefer -Scope CurrentUser over system-wide changes
3. Use npm scripts as wrappers for command-line tools
4. Keep your Node.js and npm updated to latest versions

Conclusion

The RemoteSigned execution policy provides the optimal balance for using nodemon on Windows while maintaining reasonable security. This approach allows you to run locally installed tools like nodemon while still protecting against potentially harmful remote scripts.

For most development scenarios, this solution eliminates the error without introducing significant security risks.