
@lavamoat/allow-scripts
A tool for running only the dependency lifecycle hooks specified in an allowlist.
Add the package to your project to start using it. Be sure to include the @lavamoat/ namespace in the package name.
yarn add -D @lavamoat/allow-scripts
yarn allow-scripts setup
Adds a .yarnrc or .npmrc (the latter if package-lock.json is present) to the package and populates this file with the line ignore-scripts true. Immediately after that, adds the dependency @lavamoat/preinstall-always-fail.
Adding this package to a project reduces the likelihood of accidentally running any lifecycle scripts by throwing an error during the preinstall script execution.
Automatically generates and writes a configuration into package.json, setting new policies as false by default. Edit this file as necessary.
yarn allow-scripts auto
Configuration goes in package.json
{
  "lavamoat": {
    "allowScripts": {
      "keccak": true,
      "core-js": false
    }
  }
}
Run all lifecycle scripts for the packages specified in package.json
yarn allow-scripts
This is a shorthand for yarn allow-scripts run.
It will fail if it detects dependencies that haven't been set up during configuration of the package. You will be advised to run yarn allow-scripts auto.
Prints a summary of the configuration and of the dependencies that have lifecycle scripts, showing which packages are allowed and which are disallowed.
yarn allow-scripts list
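The three states the commands above distinguish (allowed, disallowed, not yet configured), together with a check for the ignore-scripts line that setup writes, as an added JavaScript example. It is not code from @lavamoat/allow-scripts; the function names, the hook list and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: not code from @lavamoat/allow-scripts.
// Assumption: these are the install-time hooks worth gating.
const HOOKS = ['preinstall', 'install', 'postinstall'];

// True when rc-file text (.yarnrc or .npmrc) disables lifecycle scripts.
// Accepts both "ignore-scripts true" and "ignore-scripts=true";
// commented-out lines do not count.
function scriptsIgnored(rcText) {
  return rcText.split(/\r?\n/).some((line) =>
    /^\s*ignore-scripts(\s*=\s*|\s+)true\s*$/.test(line));
}

// Sort dependencies that declare lifecycle hooks into three states:
// allowed (true), disallowed (false), missing (no decision recorded).
// A non-empty "missing" list is the condition under which a run should fail.
function auditAllowScripts(rootPkg, depManifests) {
  const policy = (rootPkg.lavamoat && rootPkg.lavamoat.allowScripts) || {};
  const report = { allowed: [], disallowed: [], missing: [] };
  for (const dep of depManifests) {
    const hooks = HOOKS.filter((h) => dep.scripts && dep.scripts[h]);
    if (hooks.length === 0) continue; // nothing would run on install
    const decision = policy[dep.name];
    const bucket = decision === true ? 'allowed'
      : decision === false ? 'disallowed' : 'missing';
    report[bucket].push(dep.name);
  }
  return report;
}

// Constructed sample input (not real package manifests).
const rootPkg = {
  lavamoat: { allowScripts: { keccak: true, 'core-js': false } },
};
const depManifests = [
  { name: 'keccak', scripts: { install: 'node build.js' } },
  { name: 'core-js', scripts: { postinstall: 'node notice.js' } },
  { name: 'example-native-addon', scripts: { preinstall: 'node build.js' } },
  { name: 'example-pure-js', scripts: { test: 'node test.js' } },
];

const report = auditAllowScripts(rootPkg, depManifests);
console.log(report);
console.log('scripts disabled:', scriptsIgnored('ignore-scripts true\n'));
```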
Consider adding a setup npm script for all your post-install steps to ensure that your allowed scripts are run. This can be just a regular script (no magic needed!). Also, it is a good place to add other post-processing commands you want to use.
In the future when you add additional post-processing scripts, e.g. patch-package, you can add them to this setup script.
💭 You will need to make an effort to remember to run yarn setup instead of just yarn 🧘
{
  "scripts": {
    "setup": "yarn install && yarn allow-scripts && ..."
  }
}
FAQs
The npm package @lavamoat/allow-scripts receives a total of 9,210 weekly downloads. As such, @lavamoat/allow-scripts popularity was classified as popular.
We found that @lavamoat/allow-scripts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.