@gkiely/safe-install 0.1.15 → 0.1.16
- package/README.md +20 -2
- package/dist/index.d.ts +1 -0
- package/dist/index.js +8 -2
- package/package.json +4 -3
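--- a/package/README.md
+++ b/package/README.md
@@ -37,12 +37,12 @@ allow-remote=root
 ```json
 {
 "scripts": {
-"safe-install": "npx -y @gkiely/safe-install0.1.
+"safe-install": "npx -y @gkiely/safe-install0.1.16"
 }
 }
 ```
 
-
+3. Find dependencies that declare install-time scripts:
 
 ```sh
 npm run safe-install -- review-deps
@@ -69,6 +69,18 @@ or remote tarball URL specifiers.
 npm run safe-install
 ```
 
+7. If your project defines its own install lifecycle scripts, `safe-install`
+runs them after dependency installation:
+
+```json
+{
+"scripts": {
+"preinstall": "node scripts/preinstall.js",
+"postinstall": "node scripts/setup.js"
+}
+}
+```
+
 You can pass npm install args through:
 
 ```sh
@@ -86,6 +98,9 @@ npm run safe-install -- update
 `safe-install` runs npm install with scripts blocked, then runs install scripts only for packages listed in
 `trustedDependencies`.
 
+It also runs your project's own `preinstall`, `install`, and `postinstall`
+scripts when they are defined in the root `package.json`.
+
 If `blockExoticSubDeps` is set to `true` in `package.json`, `safe-install` also
 fails the install before rebuilding trusted dependencies when a transitive
 dependency points outside the npm registry with a `git:`, `file:`, `link:`, or
@@ -96,6 +111,9 @@ Equivalent manual flow:
 ```sh
 npm install --ignore-scripts --no-audit --no-fund
 npm rebuild --ignore-scripts=false esbuild sharp
+npm run --ignore-scripts preinstall
+npm run --ignore-scripts install
+npm run --ignore-scripts postinstall
 ```
 
 ## Notes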
package/dist/index.d.ts
CHANGED
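--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -115,6 +115,9 @@ function run(command, args) {
 process.exit(result.status ?? 1);
 }
 }
+function getRootInstallScripts(pkg) {
+return installScriptNames.filter((scriptName) => typeof pkg.scripts?.[scriptName] === "string");
+}
 export function getInstallArgs(args = []) {
 return ["install", "--ignore-scripts", ...args];
 }
@@ -143,11 +146,11 @@ function printHelp() {
 
 Usage:
 safe-install [npm install args]
-Run npm install with scripts disabled, then rebuild trusted dependencies
+Run npm install with dependency scripts disabled, then rebuild trusted dependencies
 safe-install -- review-deps
 List dependencies that declare install-time scripts
 safe-install -- update [npm update args]
-Run npm update with scripts disabled, then rebuild trusted dependencies
+Run npm update with dependency scripts disabled, then rebuild trusted dependencies
 `);
 }
 export function reviewDepsCommand() {
@@ -180,6 +183,9 @@ function runPackageManagerThenRebuild(npmArgs) {
 if (trustedDependencies.length > 0) {
 run("npm", ["rebuild", "--ignore-scripts=false", ...trustedDependencies]);
 }
+for (const scriptName of getRootInstallScripts(pkg)) {
+run("npm", ["run", "--ignore-scripts", scriptName]);
+}
 }
 export function main(args = process.argv.slice(2)) {
 const command = parseCommand(args);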
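Review bot: The loop added at the end of `runPackageManagerThenRebuild` runs the root `preinstall`, `install` and `postinstall` scripts on every invocation with no opt-out, so running `safe-install` in a checkout that has not been reviewed yet now executes that repository's own scripts, which the previous `--ignore-scripts` install appears not to have done. `printHelp` in the same file still only says dependency scripts are disabled; I would add a usage line such as `Root preinstall/install/postinstall scripts from package.json are run afterwards` so the behaviour is visible in the help output. The loop also deserves a comment on why the flag is passed, e.g. `// --ignore-scripts: run only the named script, without npm's pre/post hooks, so each root script runs once`. `installScriptNames` and the place where `pkg` is read lie outside the visible hunks, so which script names are covered cannot be confirmed from here.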
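--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@gkiely/safe-install",
-"version": "0.1.
-"description": "Run npm installs with lifecycle scripts disabled, then rebuild explicitly trusted dependencies.",
+"version": "0.1.16",
+"description": "Run npm installs with dependency lifecycle scripts disabled, then rebuild explicitly trusted dependencies.",
 "author": "Grant Kiely <grant@youneedawiki.com>",
 "license": "MIT",
 "type": "module",
@@ -45,7 +45,8 @@
 "build": "tsc -p tsconfig.build.json",
 "prepack": "npm run build",
 "prepublishOnly": "npm run typecheck && npm test",
-"
+"bump": "node scripts/bump-readme-version.ts",
+"release": "npm run typecheck && npm test && npm version patch && npm publish --access public && git push --follow-tags",
 "safe-install": "node dist/index.js",
 "test": "npm run build && node --test",
 "typecheck": "tsc --noEmit"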
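Review bot: The new `release` script does not call the `bump` script added next to it, so the version pinned in the README's `npx -y` example can fall behind the published package unless `bump` is run by hand or from a hook outside this hunk. If `scripts/bump-readme-version.ts` rewrites the README from the `package.json` version (inferred from its name), wiring it to npm's `version` lifecycle keeps the change inside the version commit: `"version": "npm run bump && git add README.md"`. Lines 8–44 of the file are not shown, so such a hook may already exist.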