@gkiely/safe-install 0.1.12 → 0.1.14
- package/README.md +4 -18
- package/package.json +2 -2
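--- a/package/README.md
+++ b/package/README.md
@@ -25,23 +25,19 @@ behind a reviewed allowlist in `package.json`.
 ignore-scripts=true
 ```
 
-Optionally enable:
+Optionally enable (requires 11.14.0+):
 
 ```txt
-allow-git=root
-allow-remote=root
+allow-git=root
+allow-remote=root
 ```
 
-`allow-git=root` and `allow-remote=root` let your project use direct Git or
-remote tarball dependencies when you intentionally declare them, while blocking
-transitive packages from pulling in those sources.
-
 2. Add script to `package.json`:
 
 ```json
 {
 "scripts": {
-"safe-install": "npx -y @gkiely/safe-
+"safe-install": "npx -y @gkiely/safe-install0.1.14"
 }
 }
 ```
@@ -104,16 +100,6 @@ npm rebuild --ignore-scripts=false esbuild sharp
 
 ## Notes
 
-Supports npm install flags:
-
-```json
-{
-"scripts": {
-"safe-install": "npx -y @gkiely/safe-install --no-audit --no-fund"
-}
-}
-```
-
 Only add a package to `trustedDependencies` after reviewing why it needs an
 install script. This does not make dependency scripts safe; it makes the trust
 decision explicit and version-controlled.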
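--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@gkiely/safe-install",
-"version": "0.1.
+"version": "0.1.14",
 "description": "Run npm installs with lifecycle scripts disabled, then rebuild explicitly trusted dependencies.",
 "author": "Grant Kiely <grant@youneedawiki.com>",
 "license": "MIT",
@@ -45,7 +45,7 @@
 "build": "tsc -p tsconfig.build.json",
 "prepack": "npm run build",
 "prepublishOnly": "npm run typecheck && npm test",
-"release": "npm run typecheck && npm test && npm version patch && npm publish --access public && git push --follow-tags",
+"release": "node scripts/bump-readme-version.ts && npm run typecheck && npm test && npm version patch && npm publish --access public && git push --follow-tags",
 "safe-install": "node dist/index.js",
 "test": "npm run build && node --test",
 "typecheck": "tsc --noEmit"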