diff --git a/lib/commands/pack.js b/lib/commands/pack.js index 6a1bb53acb8aa..bd190d88d82b6 100644 --- a/lib/commands/pack.js +++ b/lib/commands/pack.js @@ -15,6 +15,7 @@ class Pack extends BaseCommand { 'workspace', 'workspaces', 'include-workspace-root', + 'ignore-scripts', ] static usage = [''] diff --git a/mock-registry/package.json b/mock-registry/package.json index 919e1a3e5434d..b578cf3ae1c76 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -52,7 +52,7 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "tap": "^16.3.8" } } diff --git a/node_modules/@npmcli/metavuln-calculator/package.json b/node_modules/@npmcli/metavuln-calculator/package.json index d4c3cf54d83ea..df0b8f2f4faf1 100644 --- a/node_modules/@npmcli/metavuln-calculator/package.json +++ b/node_modules/@npmcli/metavuln-calculator/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/metavuln-calculator", - "version": "8.0.0", + "version": "8.0.1", "main": "lib/index.js", "files": [ "bin/", @@ -41,7 +41,7 @@ "dependencies": { "cacache": "^19.0.0", "json-parse-even-better-errors": "^4.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "proc-log": "^5.0.0", "semver": "^7.3.5" }, diff --git a/node_modules/pacote/lib/dir.js b/node_modules/pacote/lib/dir.js index 4ae97c216fe64..04846eb8a6e22 100644 --- a/node_modules/pacote/lib/dir.js +++ b/node_modules/pacote/lib/dir.js @@ -32,6 +32,9 @@ class DirFetcher extends Fetcher { if (!mani.scripts || !mani.scripts.prepare) { return } + if (this.opts.ignoreScripts) { + return + } // we *only* run prepare. // pre/post-pack is run by the npm CLI for publish and pack, diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json index 71c9aa1ce3257..335c7a6c87bd3 100644 --- a/node_modules/pacote/package.json +++ b/node_modules/pacote/package.json @@ -1,6 +1,6 @@ { "name": "pacote", - "version": "19.0.1", + "version": "20.0.0", "description": "JavaScript package downloader", "author": "GitHub Inc.", "bin": { diff --git a/package-lock.json b/package-lock.json index ef6e5a5a0f235..5d8ec18c096b2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -135,7 +135,7 @@ "npm-registry-fetch": "^18.0.1", "npm-user-validate": "^3.0.0", "p-map": "^4.0.0", - "pacote": "^19.0.1", + "pacote": "^20.0.0", "parse-conflict-json": "^4.0.0", "proc-log": "^5.0.0", "qrcode-terminal": "^0.12.0", @@ -2012,45 +2012,13 @@ "json-stringify-safe": "^5.0.1", "nock": "^13.3.3", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "tap": "^16.3.8" }, "engines": { "node": "^20.17.0 || >=22.9.0" } }, - "mock-registry/node_modules/pacote": { - "version": "20.0.0", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-20.0.0.tgz", - "integrity": "sha512-pRjC5UFwZCgx9kUFDVM9YEahv4guZ1nSLqwmWiLUnDbGsjs+U5w7z6Uc8HNR1a6x8qnu5y9xtGE6D1uAuYz+0A==", - "dev": true, - "license": "ISC", - "dependencies": { - "@npmcli/git": "^6.0.0", - "@npmcli/installed-package-contents": "^3.0.0", - "@npmcli/package-json": "^6.0.0", - "@npmcli/promise-spawn": "^8.0.0", - "@npmcli/run-script": "^9.0.0", - "cacache": "^19.0.0", - "fs-minipass": "^3.0.0", - "minipass": "^7.0.2", - "npm-package-arg": "^12.0.0", - "npm-packlist": "^9.0.0", - "npm-pick-manifest": "^10.0.0", - "npm-registry-fetch": "^18.0.0", - "proc-log": "^5.0.0", - "promise-retry": "^2.0.1", - "sigstore": "^3.0.0", - "ssri": "^12.0.0", - "tar": "^6.1.11" - }, - "bin": { - "pacote": "bin/index.js" - }, - "engines": { - "node": "^18.17.0 || >=20.5.0" - } - }, "node_modules/@actions/core": { "version": "1.10.1", "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.1.tgz", @@ -3433,14 +3401,14 @@ } }, "node_modules/@npmcli/metavuln-calculator": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-8.0.0.tgz", - "integrity": "sha512-zR2TGfhR8fH1u4VRz9fuC7r1nI9dweViRDsFnMH8J89OA90lJNwF6idTttEzYSWaOTW4NVoAIB6+ujV+/wI+kg==", + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-8.0.1.tgz", + "integrity": "sha512-WXlJx9cz3CfHSt9W9Opi1PTFc4WZLFomm5O8wekxQZmkyljrBRwATwDxfC9iOXJwYVmfiW1C1dUe0W2aN0UrSg==", "license": "ISC", "dependencies": { "cacache": "^19.0.0", "json-parse-even-better-errors": "^4.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "proc-log": "^5.0.0", "semver": "^7.3.5" }, @@ -12916,9 +12884,9 @@ "license": "BlueOak-1.0.0" }, "node_modules/pacote": { - "version": "19.0.1", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-19.0.1.tgz", - "integrity": "sha512-zIpxWAsr/BvhrkSruspG8aqCQUUrWtpwx0GjiRZQhEM/pZXrigA32ElN3vTcCPUDOFmHr6SFxwYrvVUs5NTEUg==", + "version": "20.0.0", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-20.0.0.tgz", + "integrity": "sha512-pRjC5UFwZCgx9kUFDVM9YEahv4guZ1nSLqwmWiLUnDbGsjs+U5w7z6Uc8HNR1a6x8qnu5y9xtGE6D1uAuYz+0A==", "inBundle": true, "license": "ISC", "dependencies": { @@ -18439,7 +18407,7 @@ "npm-package-arg": "^12.0.0", "npm-pick-manifest": "^10.0.0", "npm-registry-fetch": "^18.0.1", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "parse-conflict-json": "^4.0.0", "proc-log": "^5.0.0", "proggy": "^3.0.0", @@ -18520,7 +18488,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.4", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "tar": "^6.2.1" }, "devDependencies": { @@ -18540,7 +18508,7 @@ "@npmcli/run-script": "^9.0.1", "ci-info": "^4.0.0", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "proc-log": "^5.0.0", "read": "^4.0.0", "read-package-json-fast": "^4.0.0", @@ -18601,7 +18569,7 @@ "@npmcli/arborist": "^8.0.0", "@npmcli/run-script": "^9.0.1", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0" + "pacote": "^20.0.0" }, "devDependencies": { "@npmcli/eslint-config": "^5.0.1", diff --git a/package.json b/package.json index b3767810d28b5..361ca70631ca1 100644 --- a/package.json +++ b/package.json @@ -102,7 +102,7 @@ "npm-registry-fetch": "^18.0.1", "npm-user-validate": "^3.0.0", "p-map": "^4.0.0", - "pacote": "^19.0.1", + "pacote": "^20.0.0", "parse-conflict-json": "^4.0.0", "proc-log": "^5.0.0", "qrcode-terminal": "^0.12.0", diff --git a/tap-snapshots/test/lib/docs.js.test.cjs b/tap-snapshots/test/lib/docs.js.test.cjs index 8e1c57be0bf93..9a75dd12b04bb 100644 --- a/tap-snapshots/test/lib/docs.js.test.cjs +++ b/tap-snapshots/test/lib/docs.js.test.cjs @@ -3680,7 +3680,7 @@ npm pack Options: [--dry-run] [--json] [--pack-destination ] [-w|--workspace [-w|--workspace ...]] -[-ws|--workspaces] [--include-workspace-root] +[-ws|--workspaces] [--include-workspace-root] [--ignore-scripts] Run "npm help pack" for more info @@ -3694,6 +3694,7 @@ npm pack #### \`workspace\` #### \`workspaces\` #### \`include-workspace-root\` +#### \`ignore-scripts\` ` exports[`test/lib/docs.js TAP usage ping > must match snapshot 1`] = ` diff --git a/workspaces/arborist/lib/arborist/rebuild.js b/workspaces/arborist/lib/arborist/rebuild.js index 82f84772f9a85..3340ddaa67067 100644 --- a/workspaces/arborist/lib/arborist/rebuild.js +++ b/workspaces/arborist/lib/arborist/rebuild.js @@ -154,7 +154,9 @@ module.exports = cls => class Builder extends cls { // links should run prepare scripts and only link bins after that if (type === 'links') { - await this.#runScripts('prepare') + if (!this.options.ignoreScripts) { + await this.#runScripts('prepare') + } } if (this.options.binLinks) { await this.#linkAllBins() diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 067042f6c868b..f382a29ea5123 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -26,7 +26,7 @@ "npm-package-arg": "^12.0.0", "npm-pick-manifest": "^10.0.0", "npm-registry-fetch": "^18.0.1", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "parse-conflict-json": "^4.0.0", "proc-log": "^5.0.0", "proggy": "^3.0.0", diff --git a/workspaces/arborist/test/arborist/rebuild.js b/workspaces/arborist/test/arborist/rebuild.js index 7be5d0059cf5a..9d906f4dedd25 100644 --- a/workspaces/arborist/test/arborist/rebuild.js +++ b/workspaces/arborist/test/arborist/rebuild.js @@ -812,3 +812,38 @@ t.test('no workspaces', async t => { }, ]) }) + +t.test('do not run lifecycle scripts of linked deps twice', async t => { + const testdir = t.testdir({ + project: { + 'package.json': JSON.stringify({ + name: 'my-project', + version: '1.0.0', + dependencies: { + foo: 'file:../foo', + }, + }), + node_modules: { + foo: t.fixture('symlink', '../../foo'), + }, + }, + foo: { + 'package.json': JSON.stringify({ + name: 'foo', + version: '1.0.0', + scripts: { + postinstall: 'echo "ok"', + }, + }), + }, + }) + + const path = resolve(testdir, 'project') + const Arborist = t.mock('../../lib/arborist/index.js', { + '@npmcli/run-script': () => { + throw new Error('should not run any scripts') + }, + }) + const arb = new Arborist({ path, ignoreScripts: true }) + await arb.rebuild() +}) diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index dfbee091c7b0d..1708d38e5bbb1 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -53,7 +53,7 @@ "diff": "^5.1.0", "minimatch": "^9.0.4", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "tar": "^6.2.1" }, "templateOSS": { diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index 7b511c3df21fc..b4011efebd984 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -64,7 +64,7 @@ "@npmcli/run-script": "^9.0.1", "ci-info": "^4.0.0", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0", + "pacote": "^20.0.0", "proc-log": "^5.0.0", "read": "^4.0.0", "read-package-json-fast": "^4.0.0", diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index 90d1cabf2c1d3..cf81ce20a3c42 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -40,7 +40,7 @@ "@npmcli/arborist": "^8.0.0", "@npmcli/run-script": "^9.0.1", "npm-package-arg": "^12.0.0", - "pacote": "^19.0.0" + "pacote": "^20.0.0" }, "engines": { "node": "^20.17.0 || >=22.9.0"