ignore-dependency-scripts
Advanced tools
Script to prevent dependencies to execute post/pre install scripts when installed directly from git.
Script to prevent dependencies to execute post/pre install scripts when installed directly from git.
Alternative to typicode/pinst and bahmutov/am-i-a-dependency.
Sometimes when working with private projects, we have the need to reuse some parts of our code in many projects. But, we know that maintaining a private npm registry is a pain and requires a lot of attention.
So, the easiest way, is to install our private repo as a dependency directly from git. But, this comes with some caveats like the inability to use .npmignore and the lack of an option to "prevent pre/post scripts" when installed as a dependency.
Some examples of scripts that we might want to prevent from running when installed as a dependency is:
It's a solution for:
Replace this:
// package.json
"name": "my-library",
"scripts:" {
// "start", "test", "build", etc
"postinstall/preinstall/prepare/etc": "your && scripts && here"
},
With this:
// package.json
"name": "my-library",
"scripts:" {
// "start", "test", "build", etc
"postinstall/preinstall/prepare/etc": "npx --yes ignore-dependency-scripts \"your && scripts && here\""
},
Replace
your && scripts && hereby any post/pre install script that you want, likehusky install,npx pod-installor both.
Now, when you run yarn install or npm install in ./my-library the your && scripts && here will run normally.
But, when you install my-library as a dependency (aka yarn add url/to/my-library.git) in another repository, the your && scripts && here will be ignored.
Consider the usage example above.
When npx --yes ignore-dependency-scripts is executed, it will check if there is a .git folder inside the root directory. (thanks to https://stackoverflow.com/a/68915638/2826279)
If the .git folder exists, then you are installing the dependencies of ./my-library directly.
If the .git folder DOES NOT exist, then you are installing my-library as a dependency in another repository.
I think that in future we can extend this package to use other strategies too. PRs will be welcome.
New features, bug fixes and improvements are welcome! For questions and suggestions, use the issues.
The MIT License (MIT)
Copyright (c) 2022 Douglas Nassif Roma Junior
See the full license file.
FAQs
Script to prevent dependencies to execute post/pre install scripts when installed directly from git.
The npm package ignore-dependency-scripts receives a total of 292 weekly downloads. As such, ignore-dependency-scripts popularity was classified as not popular.
We found that ignore-dependency-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Application Security
/Security News
Socket CEO Feross Aboukhadijeh and a16z partner Joel de la Garza discuss vibe coding, AI-driven software development, and how the rise of LLMs, despite their risks, still points toward a more secure and innovative future.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.