Skip to content

Auto approve npm scripts from workspace package.json by default #285521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Tyriar merged 12 commits into from
Jan 2, 2026
Merged

Auto approve npm scripts from workspace package.json by default #285521

Tyriar merged 12 commits into from
Jan 2, 2026

Conversation

@Tyriar
Copy link
Member

@Tyriar Tyriar commented Dec 31, 2025

Fixes #285509

@Tyriar Tyriar added this to the December / January 2026 milestone Dec 31, 2025
@Tyriar Tyriar self-assigned this Dec 31, 2025
Copilot AI review requested due to automatic review settings December 31, 2025 15:12
Copilot AI reviewed Dec 31, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces automatic approval for npm, yarn, and pnpm script commands when the script is defined in the workspace's package.json file. The feature aims to streamline the developer experience by auto-approving safe script executions that are already trusted as part of the workspace.

Key changes:

  • Adds a new CommandLineNpmScriptAutoApproveAnalyzer that checks if npm/yarn/pnpm run commands reference scripts defined in package.json
  • Introduces a new setting chat.tools.terminal.autoApproveWorkspaceNpmScripts (enabled by default for trusted workspaces)
  • Comprehensive test coverage for various package manager commands and edge cases

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 9 comments.

File Description
commandLineNpmScriptAutoApproveAnalyzer.ts New analyzer implementation that parses npm/yarn/pnpm commands, reads package.json, and auto-approves commands when scripts exist
terminalChatAgentToolsConfiguration.ts Adds new configuration setting for controlling npm script auto-approval with workspace trust restrictions
runInTerminalTool.ts Registers the new npm script analyzer alongside existing command line analyzers
commandLineNpmScriptAutoApproveAnalyzer.test.ts Comprehensive test suite covering npm, yarn, pnpm commands, shorthands, built-in commands, and edge cases

@Tyriar Tyriar requested a review from Copilot January 1, 2026 13:12
Copilot AI reviewed Jan 1, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

@Tyriar Tyriar changed the title Auto approve npm scripts by default Auto approve npm scripts from workspace package.json by default Jan 1, 2026
@Tyriar Tyriar marked this pull request as ready for review January 1, 2026 15:16
@Tyriar Tyriar enabled auto-merge January 1, 2026 15:16
dmitrivMS
dmitrivMS previously approved these changes Jan 2, 2026
View reviewed changes
@Tyriar Tyriar merged commit 05d827b into main Jan 2, 2026
28 checks passed
@Tyriar Tyriar deleted the tyriar/285509 branch January 2, 2026 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dmitrivMS dmitrivMS dmitrivMS approved these changes

Assignees

@Tyriar Tyriar

Labels

None yet

Projects

None yet

Milestone

December 2025

Development

Successfully merging this pull request may close these issues.

Npm scripts in package.json should be auto approved

3 participants

@Tyriar @dmitrivMS