
ignore-dependency-scripts
Script to prevent dependencies from executing post/pre install scripts when installed directly from git.
Alternative to typicode/pinst and bahmutov/am-i-a-dependency.
Sometimes when working with private projects, we need to reuse some parts of our code in many projects. But we know that maintaining a private npm registry is a pain and requires a lot of attention.
So the easiest way is to install our private repo as a dependency directly from git. But this comes with some caveats, like the inability to use .npmignore and the lack of an option to "prevent pre/post scripts" when installed as a dependency.
Some examples of scripts that we might want to prevent from running when installed as a dependency are:
It's a solution for:
Replace this:
// package.json
"name": "my-library",
"scripts": {
  // "start", "test", "build", etc
  "postinstall/preinstall/prepare/etc": "your && scripts && here"
},
With this:
// package.json
"name": "my-library",
"scripts": {
  // "start", "test", "build", etc
  "postinstall/preinstall/prepare/etc": "npx --yes ignore-dependency-scripts \"your && scripts && here\""
},
Replace "your && scripts && here" with any post/pre install script that you want, like husky install, npx pod-install, or both.
Now, when you run yarn install or npm install in ./my-library, "your && scripts && here" will run normally.
But when you install my-library as a dependency (aka yarn add url/to/my-library.git) in another repository, "your && scripts && here" will be ignored.
Consider the usage example above.
When npx --yes ignore-dependency-scripts is executed, it will check if there is a .git folder inside the root directory (thanks to https://stackoverflow.com/a/68915638/2826279).
If the .git folder exists, then you are installing the dependencies of ./my-library directly.
If the .git folder DOES NOT exist, then you are installing my-library as a dependency in another repository.
I think that in future we can extend this package to use other strategies too. PRs will be welcome.
New features, bug fixes and improvements are welcome! For questions and suggestions, use the issues.
The MIT License (MIT)
Copyright (c) 2022 Douglas Nassif Roma Junior
See the full license file.
FAQs
The npm package ignore-dependency-scripts receives a total of 325 weekly downloads. As such, ignore-dependency-scripts popularity was classified as not popular.
We found that ignore-dependency-scripts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.