npm - @gkiely/safe-install - Versions diffs - 0.1.2 → 0.1.3 - Mend

@gkiely/safe-install 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -25,18 +25,12 @@ behind a reviewed allowlist in `package.json`.
 ignore-scripts=true
 ```
-2. Install `safe-install` without running dependency scripts:
-```sh
-npm i --ignore-scripts -D safe-install
-```
-3. Add scripts to `package.json`:
+2. Add script to `package.json`:
 ```json
 {
   "scripts": {
-    "safe-install": "safe-install"
+    "safe-install": "npx -y @gkiely/safe-install"
   }
 }
 ```
@@ -65,7 +59,7 @@ specifiers.
 6. Use `safe-install` for future installs:
 ```sh
-npm run safe-install
+npm run safe-install -- --no-audit --no-fund
 ```
 ## What `safe-install` does
@@ -81,7 +75,7 @@ remote tarball URL specifier.
 Equivalent manual flow:
 ```sh
-npm install --ignore-scripts
+npm install --ignore-scripts --no-audit --no-fund
 npm rebuild --ignore-scripts=false esbuild sharp
 ```

package/dist/index.d.ts CHANGED Viewed

@@ -20,7 +20,8 @@ type SafeInstallConfig = {
 };
 export declare function getSafeInstallConfig(pkg: PackageJson): SafeInstallConfig;
 export declare function assertNoBlockedExoticSubdeps(config: SafeInstallConfig, packageLock: PackageLock): void;
+export declare function getInstallArgs(args?: readonly string[]): string[];
 export declare function reviewDepsCommand(): void;
-export declare function installCommand(): void;
+export declare function installCommand(args?: readonly string[]): void;
 export declare function main(args?: string[]): void;
 export {};

package/dist/index.js CHANGED Viewed

@@ -115,11 +115,15 @@ function run(command, args) {
         process.exit(result.status ?? 1);
     }
 }
+export function getInstallArgs(args = []) {
+    return ["install", "--ignore-scripts", ...args];
+}
 function printHelp() {
     console.log(`safe-install
 Usage:
-  safe-install          Run npm install with scripts disabled, then rebuild trusted dependencies
+  safe-install [npm install flags]
+                        Run npm install with scripts disabled, then rebuild trusted dependencies
   safe-install review-deps
                         List dependencies that declare install-time scripts
 `);
@@ -137,11 +141,11 @@ export function reviewDepsCommand() {
     console.log("");
     console.log("Review these packages before adding them to trustedDependencies.");
 }
-export function installCommand() {
+export function installCommand(args = []) {
     const pkg = readPackageJson();
     const config = getSafeInstallConfig(pkg);
     const trustedDependencies = getTrustedDependencies(pkg);
-    run("npm", ["install", "--ignore-scripts"]);
+    run("npm", getInstallArgs(args));
     if (existsSync("package-lock.json")) {
         assertNoBlockedExoticSubdeps(config, readPackageLock());
     }
@@ -163,6 +167,10 @@ export function main(args = process.argv.slice(2)) {
         printHelp();
         return;
     }
+    if (command.startsWith("-")) {
+        installCommand(args);
+        return;
+    }
     throw new Error(`Unknown command: ${command}`);
 }
 if (process.argv[1] && realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@gkiely/safe-install",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Run npm installs with lifecycle scripts disabled, then rebuild explicitly trusted dependencies.",
   "author": "Grant Kiely <grant@youneedawiki.com>",
   "license": "MIT",