@gkiely/safe-install 0.1.0 → 0.1.2
- package/README.md +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +6 -5
- package/package.json +2 -1
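--- a/package/README.md
+++ b/package/README.md
@@ -44,7 +44,7 @@ npm i --ignore-scripts -D safe-install
 4. Find dependencies that declare install-time scripts:
 
 ```sh
-npm run safe-install --
+npm run safe-install -- review-deps
 ```
 
 5. Review the output, then add trusted packages to `package.json`. You can also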
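--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -20,7 +20,7 @@ type SafeInstallConfig = {
 };
 export declare function getSafeInstallConfig(pkg: PackageJson): SafeInstallConfig;
 export declare function assertNoBlockedExoticSubdeps(config: SafeInstallConfig, packageLock: PackageLock): void;
-export declare function
+export declare function reviewDepsCommand(): void;
 export declare function installCommand(): void;
 export declare function main(args?: string[]): void;
 export {};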
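--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -38,7 +38,7 @@ export function findInstallScriptDependencies(packageLock, trustedDependencies =
 const trusted = new Set(trustedDependencies);
 const found = new Set();
 for (const [path, pkg] of Object.entries(packageLock.packages ?? {})) {
-if (pkg.link) {
+if (path === "" || pkg.link) {
 continue;
 }
 const name = pkg.name ?? packageNameFromPath(path);
@@ -120,10 +120,11 @@ function printHelp() {
 
 Usage:
 safe-install Run npm install with scripts disabled, then rebuild trusted dependencies
-safe-install
+safe-install review-deps
+List dependencies that declare install-time scripts
 `);
 }
-export function
+export function reviewDepsCommand() {
 const dependencies = findInstallScriptDependencies(readPackageLock(), getTrustedDependencies(readPackageJson()));
 if (dependencies.length === 0) {
 console.log("No untrusted dependencies with install-time scripts found.");
@@ -154,8 +155,8 @@ export function main(args = process.argv.slice(2)) {
 installCommand();
 return;
 }
-if (command === "
-
+if (command === "review-deps") {
+reviewDepsCommand();
 return;
 }
 if (command === "--help" || command === "-h") {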
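Review bot: In `findInstallScriptDependencies` the loop iterates `packageLock.packages ?? {}`, so a lockfile with no `packages` map (lockfileVersion 1 records only `dependencies`) produces an empty result, and `reviewDepsCommand` then prints "No untrusted dependencies with install-time scripts found." For a tool whose output decides which packages may run install scripts, that is a fail-open answer rather than an error. Unless `readPackageLock` already rejects such lockfiles (not visible on this page), I would fail closed before the loop with `if (!packageLock.packages) throw new Error("package-lock.json has no packages map; regenerate it with npm 7 or later");`. Both functions continue outside the hunks shown, so the rest of the matching logic could not be reviewed.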
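--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@gkiely/safe-install",
-"version": "0.1.
+"version": "0.1.2",
 "description": "Run npm installs with lifecycle scripts disabled, then rebuild explicitly trusted dependencies.",
 "author": "Grant Kiely <grant@youneedawiki.com>",
 "license": "MIT",
@@ -45,6 +45,7 @@
 "build": "tsc -p tsconfig.build.json",
 "prepack": "npm run build",
 "prepublishOnly": "npm run typecheck && npm test",
+"safe-install": "node dist/index.js",
 "test": "node --test",
 "typecheck": "tsc --noEmit"
 },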