@lavamoat/allow-scripts
Advanced tools
A tool for running only the dependency lifecycle hooks specified in an allowlist.
A tool for running only the dependency lifecycle hooks specified in an allowlist.
Adds the package to start using it in your project. be sure to include the @lavamoat/ namespace in the package name
yarn add -D @lavamoat/allow-scripts
yarn allow-scripts setup
Adds a .yarnrc or .npmrc (the latter if package-lock.json is present) to the package, populates this file with the line ignore-scripts true. Immediately after that, adds the dependency @lavamoat/preinstall-always-fail.
Adding this package to a project mitigates the likelihood of accidentally running any lifecycle scripts by throwing an error during the preinstall script execution.
Automatically generates and writes a configuration into package.json, setting new policies as false by default. Edit this file as necessary.
yarn allow-scripts auto
Configuration goes in package.json
{
"lavamoat": {
"allowScripts": {
"keccak": true,
"core-js": false
}
}
}
Run all lifecycle scripts for the packages specified in package.json
yarn allow-scripts
This is a shorthand for yarn allow-scripts run.
It will fail if it detects dependencies who haven't been set up during configuration of the package. You will be advised to run yarn allow-scripts auto.
Prints comprehension of configuration and dependencies with lifecycle scripts, specifying allowed and disallowed packages.
yarn allow-scripts list
Consider adding a setup npm script for all your post-install steps to ensure the running of your allowed scripts. This can be just a regular script (no magic needed!). Also, it is a good place to add other post-processing commands you want to use.
In the future when you add additional post-processing scripts, e.g. patch-package, you can add them to this setup script.
:thought_balloon: You will need to make an effort to remember to run yarn setup instead of just yarn :lotus_position:
{
"scripts": {
"setup": "yarn install && yarn allow-scripts && ..."
}
}
FAQs
A tool for running only the dependency lifecycle hooks specified in an allowlist.
The npm package @lavamoat/allow-scripts receives a total of 17,205 weekly downloads. As such, @lavamoat/allow-scripts popularity was classified as popular.
We found that @lavamoat/allow-scripts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.