{"id":13743395,"url":"https://github.com/dominykas/allow-scripts","last_synced_at":"2025-04-13T02:54:33.142Z","repository":{"id":34049053,"uuid":"167438202","full_name":"dominykas/allow-scripts","owner":"dominykas","description":"Execute allowed `npm install` lifecycle scripts","archived":true,"fork":false,"pushed_at":"2024-07-09T02:06:19.000Z","size":142,"stargazers_count":12,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-13T02:53:27.382Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dominykas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-01-24T21:09:45.000Z","updated_at":"2024-08-18T11:03:11.000Z","dependencies_parsed_at":"2024-01-13T10:12:57.985Z","dependency_job_id":"2b1985da-50b2-41fc-8e66-419e2b867b3d","html_url":"https://github.com/dominykas/allow-scripts","commit_stats":{"total_commits":81,"total_committers":2,"mean_commits":40.5,"dds":"0.14814814814814814","last_synced_commit":"e965473c82be0ad86d03b5befad0b4fd9437b5df"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dominykas%2Fallow-scripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dominykas%2Fallow-scripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dominykas%2Fallow-scripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dominykas%2Fallow-scripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dominykas","download_url":"https://codeload.github.com/dominykas/allow-scripts/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248657874,"owners_count":21140844,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T05:00:45.962Z","updated_at":"2025-04-13T02:54:33.117Z","avatar_url":"https://github.com/dominykas.png","language":"JavaScript","funding_links":[],"categories":["Security Hardening"],"sub_categories":[],"readme":"# allow-scripts\n\nExecute allowed `npm install` lifecycle scripts. \n\n## tl;dr\n\n- Whitelist packages that you trust in your `package.json`: `\"allowScripts\": { \"packageName\": \"1.x.x - 2.x.x\" }`\n- Run `npm install --ignore-scripts` or `yarn install --ignore-scripts`\n- Run `npx allow-scripts`\n\nOnly the explicitly allowed `[pre|post]install` scripts will be executed.\n\n\n## Usage\n\n```\n$ npx allow-scripts [--dry-run]\n```\n\nRunning the command will scan the list of installed dependencies (using an existing `package-lock.json` or `npm-shrinkwrap.json` or by creating one on the fly). It will then execute the scripts for allowed dependencies that have them in the following order:\n\n- `preinstall` in the main package\n- `preinstall` in dependencies\n- `install` in dependencies\n- `postinstall` in dependencies\n- `install` in the main package\n- `postinstall` in the main package\n- `prepublish` in the main package\n- `prepare` in the main package\n\n### Configuration\n\n```\n  \"allowScripts\": {\n    \"fsevents\": \"*\",        # allow install scripts in all versions\n    \"node-sass\": false,     # ignore install scripts for all versions\n    \"webpack-cli\": \"3.x.x\"  # allow all minors for v3, ignore everything else\n  }\n```\n\nAllowed package list is configurable in `package.json` by adding an `allowScripts` property, with an object where the key is a package name and the value is one of:\n\n* a string with a semver specifier for allowed versions\n  - non-matching versions will be ignored\n* `true` - allow all versions (equivalent to `'*'` semver specifier)\n* `false` - ignore all versions\n\nIf a package has a lifecycle script, but is neither allowed nor ignored, `allow-scripts` will exit with an error.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdominykas%2Fallow-scripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdominykas%2Fallow-scripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdominykas%2Fallow-scripts/lists"}