
ignore-dependency-scripts
Script to prevent dependencies from executing post/pre install scripts when installed directly from git.
Alternative to typicode/pinst and bahmutov/am-i-a-dependency.
Sometimes, when working on private projects, we need to reuse parts of our code across many projects. But maintaining a private npm registry is a pain and requires a lot of attention.
So the easiest way is to install our private repo as a dependency directly from git. But this comes with some caveats, such as the inability to use .npmignore and the lack of an option to "prevent pre/post scripts" when installed as a dependency.
Some examples of scripts that we might want to prevent from running when installed as a dependency are:
It's a solution for:
Replace this:
```json
// package.json
"name": "my-library",
"scripts": {
  // "start", "test", "build", etc
  "postinstall/preinstall/prepare/etc": "your && scripts && here"
},
```
With this:
```json
// package.json
"name": "my-library",
"scripts": {
  // "start", "test", "build", etc
  "postinstall/preinstall/prepare/etc": "npx --yes ignore-dependency-scripts \"your && scripts && here\""
},
```
Replace `your && scripts && here` with any post/pre install script that you want, like `husky install`, `npx pod-install` or both.
Now, when you run `yarn install` or `npm install` in `./my-library`, the `your && scripts && here` will run normally.
But when you install `my-library` as a dependency (aka `yarn add url/to/my-library.git`) in another repository, the `your && scripts && here` will be ignored.
Consider the usage example above.
When `npx --yes ignore-dependency-scripts` is executed, it will check if there is a `.git` folder inside the root directory. (thanks to https://stackoverflow.com/a/68915638/2826279)
If the `.git` folder exists, then you are installing the dependencies of `./my-library` directly.
If the `.git` folder DOES NOT exist, then you are installing `my-library` as a dependency in another repository.
I think that in future we can extend this package to use other strategies too. PRs will be welcome.
New features, bug fixes and improvements are welcome! For questions and suggestions, use the issues.
The MIT License (MIT)
Copyright (c) 2022 Douglas Nassif Roma Junior
See the full license file.
FAQs
The npm package ignore-dependency-scripts receives a total of 171 weekly downloads. As such, ignore-dependency-scripts popularity was classified as not popular.
We found that ignore-dependency-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.