UNPKG

npm

Version:

a package manager for JavaScript

docs.npmjs.com

npm/cli

28 lines (25 loc) 1.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
const { collectUnreviewedScripts } = require('@npmcli/arborist/lib/unreviewed-scripts.js') // Walks a tree's inventory and returns the list of dep nodes that have // install-relevant lifecycle scripts and are not yet covered (or explicitly // denied) by the allowScripts policy. // // Thin wrapper around arborist's shared `collectUnreviewedScripts`, mapping // the CLI's `({ arb, npm, tree })` shape onto the shared walk. Defaults to // `arb.actualTree` (post-reify) but accepts an explicit tree so callers can // pre-flight against the idealTree before scripts run. // // Returns an array of `{ node, scripts }` entries. `scripts` is an object // describing the relevant lifecycle scripts that would run. // // `includeWhenIgnored` keeps listing unreviewed packages even when // ignore-scripts is set, so approve/deny can show what you'd move from a // blanket ignore-scripts to an allowlist. Execution callers leave it false. const checkAllowScripts = async ({ arb, npm, tree, includeWhenIgnored = false }) => collectUnreviewedScripts({ tree: tree || arb.actualTree, policy: arb.options?.allowScripts || null, ignoreScripts: !!arb.options?.ignoreScripts, dangerouslyAllowAllScripts: !!npm?.flatOptions?.dangerouslyAllowAllScripts, includeWhenIgnored, }) module.exports = checkAllowScripts