@lavamoat/preinstall-always-fail
Advanced tools
Worried about accidentally running `yarn` or `npm` with script hooks enabled such as `preinstall` or `postinstall`? Adding this package to a project mitigates the likelihood of running any lifecycle scripts by throwing an error on `preinstall`.
Worried about accidentally running yarn or npm with script hooks enabled such as preinstall or postinstall? Adding this package to a project mitigates the likelihood of running any lifecycle scripts by throwing an error on preinstall.
npm i @lavamoat/preinstall-always-fail
If the --ignore-scripts flag is disabled, running yarn or npm will fail. Enable the flag and use in conjunction with Lavamoat's allow-scripts to manually whitelist packages running scripts.
FAQs
Worried about accidentally running `yarn` or `npm` with script hooks enabled such as `preinstall` or `postinstall`?
The npm package @lavamoat/preinstall-always-fail receives a total of 3,115 weekly downloads. As such, @lavamoat/preinstall-always-fail popularity was classified as popular.
We found that @lavamoat/preinstall-always-fail demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A new OpenSSF report uncovers critical gaps in secure software training, with 75% of new developers unfamiliar with secure practices, highlighting urgent educational needs.
Security News
The 2023 Python Developers Survey reveals key trends in packaging, web frameworks, and developer demographics, highlighting a shift toward innovative tools as the Python community diversifies and grows among less experienced developers.
Security News
GitHub is combatting a new spam campaign that exploits issues with links to malicious downloads, highlighting the need for better moderation tools to protect open-source maintainers' time and security.