Comment by xenophonf
24 days ago
Where in the pnpm documentation does it say that it ignores scripts by default?
From https://pnpm.io/cli/install#--ignore-scripts:
> Default: *false*
24 days ago
Where in the pnpm documentation does it say that it ignores scripts by default?
From https://pnpm.io/cli/install#--ignore-scripts:
> Default: *false*
Weird. The config also appears to default to `false`
https://pnpm.io/settings#ignorescripts
This page describes the behavior, "disables the automatic execution of postinstall scripts in dependencies":
https://pnpm.io/supply-chain-security
While this explicitly calls out "postinstall", I'm pretty sure it affects other such lifecycle scripts like preinstall in dependencies.
The --ignore-scripts option will ignore lifecycle scripts in the project itself, not just dependencies. And it will ignore scripts that you have previously allowed (using the "allowBuilds" feature).