UNPKG

npm

Version:

a package manager for JavaScript

docs.npmjs.com

npm/cli

41 lines (36 loc) 1.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
const { log } = require('proc-log') // The allowScripts policy MUST live at the project root (RFC npm/rfcs#868). // A non-root workspace declaring its own allowScripts is almost always a // mistake: that policy would be silently ignored at install time. // // `findWorkspaceAllowScripts` returns the list of offending workspace nodes. // `warnWorkspaceAllowScripts` is the side-effecting variant that emits one // install-time `log.warn` per offender. const findWorkspaceAllowScripts = (tree) => { const offenders = [] if (!tree?.inventory) { return offenders } for (const node of tree.inventory.values()) { if (!node.isWorkspace || node.isProjectRoot) { continue } if (node.package?.allowScripts !== undefined) { offenders.push(node) } } return offenders } const warnWorkspaceAllowScripts = (tree) => { for (const node of findWorkspaceAllowScripts(tree)) { const name = node.packageName || node.name log.warn( 'allow-scripts', `allowScripts in workspace ${name} (${node.path}) is ignored. ` + 'Move the field to the project root package.json.' ) } } module.exports = warnWorkspaceAllowScripts module.exports.warnWorkspaceAllowScripts = warnWorkspaceAllowScripts module.exports.findWorkspaceAllowScripts = findWorkspaceAllowScripts