
Security News
Browserslist-rs Gets Major Refactor, Cutting Binary Size by Over 1MB
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
ignore-dependency-scripts
Advanced tools
Script to prevent dependencies to execute post/pre install scripts when installed directly from git.
Script to prevent dependencies to execute post/pre install scripts when installed directly from git.
Alternative to typicode/pinst and bahmutov/am-i-a-dependency.
Sometimes when working with private projects, we have the need to reuse some parts of our code in many projects. But, we know that maintaining a private npm registry
is a pain and requires a lot of attention.
So, the easiest way, is to install our private repo as a dependency directly from git. But, this comes with some caveats like the inability to use .npmignore
and the lack of an option to "prevent pre/post scripts" when installed as a dependency.
Some examples of scripts that we might want to prevent from running when installed as a dependency is:
It's a solution for:
Replace this:
// package.json
"name": "my-library",
"scripts:" {
// "start", "test", "build", etc
"postinstall/preinstall/prepare/etc": "your && scripts && here"
},
With this:
// package.json
"name": "my-library",
"scripts:" {
// "start", "test", "build", etc
"postinstall/preinstall/prepare/etc": "npx --yes ignore-dependency-scripts \"your && scripts && here\""
},
Replace
your && scripts && here
by any post/pre install script that you want, likehusky install
,npx pod-install
or both.
Now, when you run yarn install
or npm install
in ./my-library
the your && scripts && here
will run normally.
But, when you install my-library
as a dependency (aka yarn add url/to/my-library.git
) in another repository, the your && scripts && here
will be ignored.
Consider the usage example above.
When npx --yes ignore-dependency-scripts
is executed, it will check if there is a .git
folder inside the root directory. (thanks to https://stackoverflow.com/a/68915638/2826279)
If the .git
folder exists, then you are installing the dependencies of ./my-library
directly.
If the .git
folder DOES NOT exist, then you are installing my-library
as a dependency in another repository.
I think that in future we can extend this package to use other strategies too. PRs will be welcome.
New features, bug fixes and improvements are welcome! For questions and suggestions, use the issues.
The MIT License (MIT)
Copyright (c) 2022 Douglas Nassif Roma Junior
See the full license file.
FAQs
Script to prevent dependencies to execute post/pre install scripts when installed directly from git.
The npm package ignore-dependency-scripts receives a total of 326 weekly downloads. As such, ignore-dependency-scripts popularity was classified as not popular.
We found that ignore-dependency-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
Research
Security News
Eight new malicious Firefox extensions impersonate games, steal OAuth tokens, hijack sessions, and exploit browser permissions to spy on users.
Security News
The official Go SDK for the Model Context Protocol is in development, with a stable, production-ready release expected by August 2025.