
Commit bba7731

clydin authored and josephperrott committed
build: restrict postinstall scripts during package installation
When performing a yarn-based package installation, only a specific group of dependencies will now have postinstall scripts executed. This not only provides additional security benefits but also reduces the amount of script execution that occurs during each install. The workspace scripts are automatically allowed and additional specific packages can be allowed as needed.
1 parent 9ccc5b5 commit bba7731
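
The allowlist behaviour described in the commit message can be checked against an installed dependency tree. This is an added example, not code from this commit or the Angular project: it assumes Yarn's documented rule that, with `enableScripts: false`, only packages marked `built: true` under `dependenciesMeta` run their install hooks. The manifests below, including the hypothetical `left-helper` and `plain-lib` packages and all version strings, are constructed sample data.

```javascript
// Constructed root manifest: mirrors the three allowlist entries in this commit.
const rootManifest = {
  dependenciesMeta: {
    esbuild: { built: true },
    puppeteer: { built: true },
    re2: { built: true },
  },
};

// Constructed package.json contents of installed packages (not from the repo).
const installedManifests = [
  { name: "esbuild", version: "0.0.0-sample", scripts: { postinstall: "node install.js" } },
  { name: "re2", version: "0.0.0-sample", scripts: { install: "node-gyp rebuild" } },
  { name: "left-helper", version: "0.0.0-sample", scripts: { postinstall: "node setup.js" } },
  { name: "plain-lib", version: "0.0.0-sample", scripts: { test: "mocha" } },
];

// Lifecycle hooks that run at install time.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Classify installed packages by whether their install hooks would run,
// and flag allowlist entries that no installed package with hooks uses.
function auditInstallScripts(root, installed) {
  const meta = root.dependenciesMeta || {};
  // An entry may be keyed by bare name or by name@version.
  const isAllowed = (pkg) =>
    [pkg.name, `${pkg.name}@${pkg.version}`].some(
      (key) => meta[key] && meta[key].built === true
    );
  const report = { willRun: [], skipped: [], unusedAllowlist: [] };
  const seen = new Set();
  for (const pkg of installed) {
    const hooks = INSTALL_HOOKS.filter((h) => pkg.scripts && pkg.scripts[h]);
    if (hooks.length === 0) continue; // nothing to run at install time
    seen.add(pkg.name);
    (isAllowed(pkg) ? report.willRun : report.skipped).push({ name: pkg.name, hooks });
  }
  for (const key of Object.keys(meta)) {
    // Strip a trailing @version, leaving scoped names such as @scope/name intact.
    const at = key.lastIndexOf("@");
    const name = at > 0 ? key.slice(0, at) : key;
    if (meta[key].built === true && !seen.has(name)) report.unusedAllowlist.push(key);
  }
  return report;
}
```

The `skipped` list shows packages whose build step is silently dropped and may need an allowlist entry; `unusedAllowlist` shows entries that grant script execution to nothing currently installed and can be reviewed for removal.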

5 files changed: +32 -4 lines changed


material.angular.io/.aspect/rules/external_repository_action_cache/npm_translate_lock_LTE4Nzc1MDcwNjU=

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,6 @@
22
# Input hashes for repository rule npm_translate_lock(name = "npm", pnpm_lock = "//:pnpm-lock.yaml").
33
# This file should be checked into version control along with the pnpm-lock.yaml file.
44
.npmrc=-1306950124
5-
pnpm-lock.yaml=1345633539
6-
yarn.lock=-2024993586
7-
package.json=-2093305059
5+
pnpm-lock.yaml=1087437730
6+
yarn.lock=-1043892813
7+
package.json=430646288
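Review bot: the inputs hashed here (.npmrc, pnpm-lock.yaml, yarn.lock, package.json) do not include the Yarn config file that gains `enableScripts: false`, so a change to that setting does not invalidate this repository rule, and nothing in these lines shows the pnpm-based install honouring the same restriction. The commit message scopes the change to yarn-based installs; please confirm the npm_translate_lock path limits lifecycle scripts through its own configuration, or note in the repo docs that it is out of scope.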
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
1+
enableScripts: false
2+
13
nodeLinker: node-modules
24

35
yarnPath: .yarn/releases/yarn-4.4.0.cjs
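Review bot: the added `enableScripts: false` line carries no comment saying where exceptions are declared, so a contributor whose new dependency silently skips its build step has no pointer to the fix. Suggest a YAML comment directly above it, for example `# Install scripts run only for packages marked "built": true under dependenciesMeta in package.json`.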

material.angular.io/package.json

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,5 +102,16 @@
102102
"ts-node": "^8.10.2",
103103
"typescript": "~5.5.2"
104104
},
105-
"packageManager": "[email protected]"
105+
"packageManager": "[email protected]",
106+
"dependenciesMeta": {
107+
"esbuild": {
108+
"built": true
109+
},
110+
"puppeteer": {
111+
"built": true
112+
},
113+
"re2": {
114+
"built": true
115+
}
116+
}
106117
}
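Review bot: the three new `dependenciesMeta` entries (esbuild, puppeteer, re2) are keyed by bare package name, so the permission to run install scripts carries over to whatever version a later lockfile update resolves. JSON cannot hold a comment explaining why each package needs to build, so record the reason for each in the contributor docs, and consider requiring explicit review when a lockfile bump touches any of these three packages.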

material.angular.io/pnpm-lock.yaml

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default.

material.angular.io/yarn.lock

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12129,6 +12129,13 @@ __metadata:
1212912129
tslib: "npm:^2.3.0"
1213012130
typescript: "npm:~5.5.2"
1213112131
zone.js: "npm:~0.14.10"
12132+
dependenciesMeta:
12133+
esbuild:
12134+
built: true
12135+
puppeteer:
12136+
built: true
12137+
re2:
12138+
built: true
1213212139
languageName: unknown
1213312140
linkType: soft
1213412141
