feat: add support for allowScripts setting #10007
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zkochan
changed the title
There was a problem hiding this comment.
Pull request overview
This PR adds support for the allowScripts configuration setting to provide fine-grained control over dependency lifecycle scripts (preinstall, install, postinstall). The setting allows explicitly allowing, blocking, or warning about specific package scripts, complementing the existing neverBuiltDependencies option.
- Adds
allowScriptsconfiguration option with support for boolean and 'warn' values - Updates workspace JSON schema with comprehensive documentation and examples
- Integrates the setting through all layers: config → installer → package manager → pnpm
- Includes E2E test coverage for basic allow/block functionality
Reviewed changes
Copilot reviewed 11 out of 12 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| workspace.jsonc | Updates @pnpm/default-reporter to version 1002.1.0 for new functionality support |
| workspace-jsonc-schema.json | Adds JSON schema definition for allowScripts with oneOf boolean/'warn' validation and examples |
| scopes/workspace/install/install.main.runtime.ts | Passes allowScripts config from dependency resolver to install options |
| scopes/dependencies/pnpm/pnpm.package-manager.ts | Forwards allowScripts from install options to pnpm implementation |
| scopes/dependencies/pnpm/lynx.ts | Implements resolveScriptPolicies function to convert allowScripts to pnpm's script control options and adds instructional text for reporter |
| scopes/dependencies/pnpm/lockfile-deps-graph-converter.spec.ts | Converts imports to type imports for PackagesMap and DependencyEdge |
| scopes/dependencies/dependency-resolver/package-manager.ts | Adds allowScripts to PackageManagerInstallOptions type definition |
| scopes/dependencies/dependency-resolver/dependency-resolver.main.runtime.ts | Adds allowScripts parameter to DependencyInstaller constructor |
| scopes/dependencies/dependency-resolver/dependency-resolver-workspace-config.ts | Documents allowScripts config option in workspace config interface |
| scopes/dependencies/dependency-resolver/dependency-installer.ts | Adds allowScripts property and passes it to package manager, removes hardcoded 'core-js' handling |
| e2e/harmony/dependencies/allow-scripts.e2e.ts | Adds E2E test verifying allow/block behavior for dependency scripts |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
scopes/dependencies/dependency-resolver/dependency-resolver-workspace-config.ts
Outdated
Show resolved
Hide resolved
…rkspace-config.ts Co-authored-by: Copilot <[email protected]>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 12 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
scopes/dependencies/dependency-resolver/dependency-resolver-workspace-config.ts
Outdated
Show resolved
Hide resolved
GiladShoham
approved these changes
Nov 30, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Changes