Comment by TeMPOraL
3 hours ago
Stupid question, but:
- If it's safe to "ignore scripts", why does this option exist in the first place?
- Otherwise, what kind of cascade breakage in dependencies do you risk by suppressing part of their installation process?
Yes, it can break deps, some will not install. Puppeteer is a good example because it installs binaries. But it also shows an error with the cmd needed to complete the installation.
Why is it allowed by default?
> it’s npm’s belief that the utility of having installation scripts is greater than the risk of worms.
NPM co-founder Laurie Voss
https://blog.npmjs.org/post/141702881055/package-install-scr...
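
Added example, not part of the thread above: one way to see in advance which dependencies would be affected by ignoring scripts is to read the `hasInstallScript` flag that npm records per package in `package-lock.json` (lockfileVersion 2 and later). The lockfile excerpt, its package versions, and the `triage` helper with its allowlist are constructed for illustration.

```javascript
// Constructed lockfile excerpt (lockfileVersion 3 layout); names and versions are sample data.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/puppeteer": { version: "0.0.0-sample", hasInstallScript: true },
    "node_modules/left-pad": { version: "0.0.0-sample" },
    "node_modules/puppeteer/node_modules/@example/native-addon": {
      version: "0.0.0-sample", hasInstallScript: true, optional: true
    },
    "node_modules/dev-tool": { version: "0.0.0-sample", hasInstallScript: true, dev: true }
  }
};

// Derive the package name from a lockfile path key, handling nesting and scopes.
function nameFromPath(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// List every locked package npm flags as having a preinstall/install/postinstall script.
function packagesWithInstallScripts(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.hasInstallScript) continue; // skip the root project itself
    out.push({
      name: nameFromPath(path),
      version: meta.version,
      path,
      dev: Boolean(meta.dev),
      optional: Boolean(meta.optional)
    });
  }
  // Plain string comparison keeps the order deterministic across locales.
  return out.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Hypothetical helper: split findings into already-reviewed packages and ones needing review.
function triage(lock, allowlist) {
  const allowed = new Set(allowlist);
  const found = packagesWithInstallScripts(lock);
  return {
    reviewed: found.filter(p => allowed.has(p.name)),
    needsReview: found.filter(p => !allowed.has(p.name))
  };
}

const result = triage(sampleLock, ["puppeteer"]);
console.log(JSON.stringify(result, null, 2));
```

Packages in `needsReview` are the ones whose install step would be skipped without anyone having looked at what that step does.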