-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: propagate --ignore-scripts to yarn v1 dependency bootstrap if enableScripts=false #6259
base: master
Are you sure you want to change the base?
Conversation
6e9a032
to
6d78713
Compare
I'm not 100% convinced this is the right approach. While it makes sense to do that, it would only work for Yarn Classic - not for npm, neither pnpm. It would also only affect one setting. I don't have a very strong opinion on it, but it feels to me this might be something that should be left to the user. |
Good point that this PR is addressing the Yarn Classic case and is therefore only a partial resolution of #6258 in its current state.
Is that not precisely what If the user relies on (I also believe Yarn Classic has some mechanism to override this via environment variables, in case anyone explicitly wants to e.g. enable install scripts for all dependencies except those with yarn v1 lockfiles in the package root?). |
6d78713
to
5c7e7b9
Compare
I would argue (and the file name
|
5c7e7b9
to
d264d3b
Compare
@naugtur That makes sense. The docs say:
This does not seem to include git dependencies. This is being implemented in #6280 (which would make this PR redundant). |
What's the problem this PR addresses?
This passes
--ignore-scripts
for the bootstrapping of Yarn Classic packages ifenableScripts
==false
.How did you fix it?
--ignore-scripts
.Checklist
patch
to make the check pass locally but I'm not certain they are actually all required. Could use some guidance in case this needs adjusting.I will check that all automated PR checks pass before the PR gets reviewed.
Add test coverage for new branch by adding new test-case