@grafana/create-plugin 7.5.0-canary.2630.25781735426.0 → 7.5.0

package/CHANGELOG.md

@@ -1,3 +1,15 @@
+# v7.5.0 (Wed May 13 2026)
+
+#### 🚀 Enhancement
+
+- feat: disable package manager script execution [#2630](https://github.com/grafana/plugin-tools/pull/2630) ([@jackw](https://github.com/jackw))
+
+#### Authors: 1
+
+- Jack Westbrook ([@jackw](https://github.com/jackw))
+
+---
+
 # v7.4.0 (Wed May 13 2026)
 
 #### 🚀 Enhancement

package/dist/utils/utils.packageManager.js

@@ -8,29 +8,29 @@ const NPM_LOCKFILE = "package-lock.json";
 const PNPM_LOCKFILE = "pnpm-lock.yaml";
 const YARN_LOCKFILE = "yarn.lock";
 const SUPPORTED_PACKAGE_MANAGERS = ["npm", "yarn", "pnpm"];
-const DEFAULT_PACKAGE_MANAGER = { packageManagerName: "yarn", packageManagerVersion: "1.22.22" };
-async function configureYarn(cwd, packageManagerVersion) {
+const DEFAULT_PACKAGE_MANAGER = { packageManagerName: "npm", packageManagerVersion: "10.9.0" };
+async function configureYarn(cwd) {
   try {
-    const isYarnBerry = gte(packageManagerVersion, "2.0.0");
-    if (isYarnBerry) {
-      spawnSync("yarn", ["config", "set", "nodeLinker", "node-modules"], {
-        shell: true,
-        cwd
-      });
-      spawnSync("yarn", ["config", "set", "enableScripts", "false"], {
-        shell: true,
-        cwd
-      });
-      return "Configured Yarn Berry to use node_modules and disabled script execution during installation.";
-    }
-    spawnSync("yarn", ["config", "set", "ignore-scripts", "true"], {
+    spawnSync("yarn", ["set", "version", "stable"], {
+      shell: true,
+      cwd
+    });
+    spawnSync("yarn", ["config", "set", "nodeLinker", "node-modules"], {
+      shell: true,
+      cwd
+    });
+    spawnSync("yarn", ["config", "set", "enableScripts", "false"], {
+      shell: true,
+      cwd
+    });
+    spawnSync("yarn", ["config", "set", "approvedGitRepositories", "--json", `'["https://github.com/grafana/*"]'`], {
       shell: true,
       cwd
     });
-    return "Configured Yarn to ignore scripts during installation.";
+    return "Configured Yarn Berry to use node_modules, disabled script execution, and set approved Git repositories.";
   } catch (error) {
     throw new Error(
-      "There was an error configuring Yarn. Please run `yarn set version stable && yarn config set nodeLinker node-modules` in your plugin directory."
+      "There was an error configuring Yarn. Please run `yarn set version stable && yarn config set nodeLinker node-modules && yarn config set enableScripts false` in your plugin directory."
     );
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@grafana/create-plugin",
-  "version": "7.5.0-canary.2630.25781735426.0",
+  "version": "7.5.0",
   "repository": {
     "directory": "packages/create-plugin",
     "url": "https://github.com/grafana/plugin-tools"
@@ -55,5 +55,5 @@
   "engines": {
     "node": ">=20"
   },
-  "gitHead": "b92e8671ea11d60bf79cc2c03cb7c5a6afe75b58"
+  "gitHead": "a5b29c0663a14099383f2cda889ff86df36086ae"
 }

package/src/utils/utils.packageManager.ts

@@ -9,36 +9,36 @@ const NPM_LOCKFILE = 'package-lock.json';
 const PNPM_LOCKFILE = 'pnpm-lock.yaml';
 const YARN_LOCKFILE = 'yarn.lock';
 const SUPPORTED_PACKAGE_MANAGERS = ['npm', 'yarn', 'pnpm'];
-const DEFAULT_PACKAGE_MANAGER = { packageManagerName: 'yarn', packageManagerVersion: '1.22.22' };
+const DEFAULT_PACKAGE_MANAGER = { packageManagerName: 'npm', packageManagerVersion: '10.9.0' };
 
 export type PackageManager = {
   packageManagerName: string;
   packageManagerVersion: string;
 };
 
-export async function configureYarn(cwd: string, packageManagerVersion: string) {
+export async function configureYarn(cwd: string) {
   try {
-    const isYarnBerry = gte(packageManagerVersion, '2.0.0');
-    if (isYarnBerry) {
-      spawnSync('yarn', ['config', 'set', 'nodeLinker', 'node-modules'], {
-        shell: true,
-        cwd,
-      });
-      spawnSync('yarn', ['config', 'set', 'enableScripts', 'false'], {
-        shell: true,
-        cwd,
-      });
-      return 'Configured Yarn Berry to use node_modules and disabled script execution during installation.';
-    }
-    spawnSync('yarn', ['config', 'set', 'ignore-scripts', 'true'], {
+    spawnSync('yarn', ['set', 'version', 'stable'], {
       shell: true,
       cwd,
     });
-
-    return 'Configured Yarn to ignore scripts during installation.';
+    spawnSync('yarn', ['config', 'set', 'nodeLinker', 'node-modules'], {
+      shell: true,
+      cwd,
+    });
+    spawnSync('yarn', ['config', 'set', 'enableScripts', 'false'], {
+      shell: true,
+      cwd,
+    });
+    // TODO: Remove this once grafana/react-data-grid is published to NPM.
+    spawnSync('yarn', ['config', 'set', 'approvedGitRepositories', '--json', `'["https://github.com/grafana/*"]'`], {
+      shell: true,
+      cwd,
+    });
+    return 'Configured Yarn Berry to use node_modules, disabled script execution, and set approved Git repositories.';
   } catch (error) {
     throw new Error(
-      'There was an error configuring Yarn. Please run `yarn set version stable && yarn config set nodeLinker node-modules` in your plugin directory.'
+      'There was an error configuring Yarn. Please run `yarn set version stable && yarn config set nodeLinker node-modules && yarn config set enableScripts false` in your plugin directory.'
     );
   }
 }

package/templates/common/gitignore

@@ -9,11 +9,13 @@ yarn-error.log*
 node_modules/
 
 # yarn
-.yarn/cache
-.yarn/unplugged
-.yarn/build-state.yml
-.yarn/install-state.gz
 .pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
 
 # Runtime data
 pids