@gkiely/safe-install 0.1.4 → 0.1.5

package/README.md

@@ -30,7 +30,7 @@ ignore-scripts=true
 ```json
 {
   "scripts": {
-    "safe-install": "npx -y @gkiely/safe-install -- --no-audit --no-fund"
+    "safe-install": "npx -y @gkiely/safe-install"
   }
 }
 ```
@@ -38,7 +38,7 @@ ignore-scripts=true
 4. Find dependencies that declare install-time scripts:
 
 ```sh
-npm run safe-install -- review-deps
+npm run safe-install review-deps
 ```
 
 5. Review the output, then add trusted packages to `package.json`. You can also
@@ -81,6 +81,16 @@ npm rebuild --ignore-scripts=false esbuild sharp
 
 ## Notes
 
+Supports npm install flags:
+
+```json
+{
+  "scripts": {
+    "safe-install": "npx -y @gkiely/safe-install --no-audit --no-fund"
+  }
+}
+```
+
 Only add a package to `trustedDependencies` after reviewing why it needs an
 install script. This does not make dependency scripts safe; it makes the trust
 decision explicit and version-controlled.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gkiely/safe-install",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "Run npm installs with lifecycle scripts disabled, then rebuild explicitly trusted dependencies.",
   "author": "Grant Kiely <grant@youneedawiki.com>",
   "license": "MIT",
@@ -45,6 +45,7 @@
     "build": "tsc -p tsconfig.build.json",
     "prepack": "npm run build",
     "prepublishOnly": "npm run typecheck && npm test",
+    "release": "npm run typecheck && npm test && npm version patch && npm publish --access public && git push --follow-tags",
     "safe-install": "node dist/index.js",
     "test": "node --test",
     "typecheck": "tsc --noEmit"