Running the command will scan the list of installed dependencies (from the first source available: npm-shrinkwrap.json, package-lock.json, npm ls --json). It will then execute the scripts for allowed dependencies that have them in the following order:

preinstall in the main package
preinstall in dependencies
install in dependencies
postinstall in dependencies
install in the main package
postinstall in the main package
prepublish in the main package
prepare in the main package

Allowed package list is configurable in package.json by adding an allowedScripts property, with an object where the key is a package name and the value is one of:

a string with a semver specifier for allowed versions
- non-matching versions will be ignored
true - allow all versions (equivalent to '*' semver specifier)
false - ignore all versions

If a package has a lifecycle script, but is neither allowed nor ignored, allow-scripts will exit with an error.

Example for package.json:

  "allowScripts": {
    "fsevents": "*",        # allow install scripts in all versions
    "node-sass": false,     # ignore install scripts for all versions
    "webpack-cli": "3.x.x"  # allow all minors for v3, ignore everything else
  }

FAQs

What is allow-scripts?

Is allow-scripts popular?

Is allow-scripts well maintained?

Package last updated on 29 Jan 2019

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

allow-scripts

allow-scripts

Usage

Related posts

Malicious npm Campaign Targets Ethereum Developers with Fake Hardhat Packages

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts