Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: abort PM enforcement if the script runs in a dependency #14

Closed
wants to merge 1 commit into from

Conversation

neolitec
Copy link

The reason why is that NPM runs the preinstall script from the cache instead of from node_modules.

One way to detect that is by testing the presence of the _cacache which is the folder NPM uses for its cache.

Closes #13

@neolitec
Copy link
Author

You can test it by creating a repository using NPM and try to install neolitec/repro-pnpm-project#fix.

https://github.com/neolitec/repro-pnpm-project/tree/fix

@robwil
Copy link

robwil commented Nov 29, 2022

We are also seeing this problem on Mac, and this fix makes sense to me.

@Toilal
Copy link

Toilal commented Jan 17, 2023

Same issue here, on a github action pipeline with yarn v3.3.1. only-allow is executed when running "yarn install" on a project having a dependency containing only-allow preinstall script.

@antitoxic
Copy link

@zkochan is there any concerns regarding this? I would love to see this merged. Currently I have to work around this by having:

 "preinstall": "[[ $PWD == */node_modules/* ]] || npx only-allow pnpm"

instead of just npx only-allow pnpm but of course my workaround is OS-specific.

@neolitec neolitec closed this by deleting the head repository Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Preinstall still not aborted in dependencies when using NPM
4 participants