`--ignore-scripts` ignores *all* scripts


(Nick Cacace) #1

What I Wanted to Do

I’m using npm install --ignore-scripts

I want to ignore the preinstall and postinstall scripts in my package.json, but not the scripts of dependencies. In my case this dependency is node-sass

I’m not sure if this a bug report or a feature request. The documentation seems to indicate that only the scripts in my package.json will be ignored.

What Happened Instead

Modules were installed, but the postinstall script of node-sass was not executed, and the binary was not built/installed for my environment.

Reproduction Steps

demonstration repository

Use npm install --ignore-scripts on any project that has node-sass as a dependency. The binary will not be installed, and running node-sass throws an error.


Platform Info

$ npm --versions
{'ignore-scripts': '1.0.0',
  npm: '6.3.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.11.3',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11'}
$ node -p process.platform

(Kat Marchán) #2

tbh, this pretty much does what it says on the tin, so I’ve moved it to #support.

(Nick Cacace) #3

Hm okay, if that’s the intention than I suppose it’s not a bug.

Is there any interest in an --ignore-my-scripts type flag?

(Kat Marchán) #4

If you want that, you’ll have to put up an RFC: https://github.com/npm/rfcs – or you can discuss the off-the-cuff idea in #ideas, but we don’t take action on those until there’s a formal RFC.

(David Bouman) #5

To deal with this one scenario, and more generally to allow only specific preinstall and postinstall scripts to run, I have used a strategy similar to this one:

npm install --ignore-scripts && ( cd ./node_modules/nose-sass && npm run install )

And in order to not have to remember and type the exact invocation every time, I added it into my package.json's scripts section:

 "scripts": {
    "refresh": "npm install --ignore-scripts && ( cd ./node_modules/nose-sass && npm run install )

… typing only npm run refresh from then on.

The refresh moniker may not be the most apt to this particular situation but usually I throw in a round of npm prune and npm dedupe in there as well.

(Nick Cacace) #6

Yeah that’s essentially how I’m handling it now. It’s not great in my case though because node-sass isn’t a direct dependency, it’s a dependency of a dependency.
I don’t love it because it leaves my package.json and package.lock in a modified state before every build.

(Kat Marchán) #7

You can do npm rebuild node-sass. This will leave your package.json/package-lock.json files intact but still make sure you get your native dep built.

(David Bouman) #8

Great! didn’t know about npm rebuild. Though I don’t see how the original could result in modified package{,-lock}.json files? That is, I don’t think I ever experienced that.

(Kat Marchán) #9

oh. I misread. That said npm run install, not npm install. :slight_smile:

Yeah, I don’t know what the deal is there.

Still, npm rebuild <pkg> is what you want here, since in general it’ll be more thorough about making sure everything is linked properly, native deps built, scripts run, etc. It might work for node-sass as presented, but it’s not a general solution, and not recommended.

(Nick Cacace) #10

Yeah npm rebuild looks like the best solution for now.

Sorry, I wasn’t clear. If package.json looks like

"dependencies": {
  "grunt-sass": "1.0.0"

and grunt-sass has a dependency on node-sass, running npm install node-sass will modify package.json.

(Kat Marchán) #11

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.