fix(npm): repect allowScripts & ignoreScripts (#9684)

Co-authored-by: Rhys Arkins <rhys@arkins.net>
renovatebot · Apr 22, 2021 · 8c0f7c1 · 8c0f7c1
1 parent cf46043
commit 8c0f7c1
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap b/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
@@ -7,7 +7,7 @@ exports[`generateLockFile finds npm globally 1`] = `Array []`;
 exports[`generateLockFile generates lock files 1`] = `
 Array [
   Object {
-    "cmd": "npm install --ignore-scripts --no-audit",
+    "cmd": "npm install --no-audit --ignore-scripts",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",
@@ -50,7 +50,7 @@ exports[`generateLockFile performs full install 1`] = `Array []`;
 exports[`generateLockFile performs lock file maintenance 1`] = `
 Array [
   Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",
@@ -73,7 +73,7 @@ Array [
 exports[`generateLockFile performs lock file updates 1`] = `
 Array [
   Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit some-dep@1.0.1",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts some-dep@1.0.1",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",

diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts
@@ -51,11 +51,16 @@ export async function generateLockFile(
     let cmdOptions = '';
     if (postUpdateOptions?.includes('npmDedupe') || skipInstalls === false) {
       logger.debug('Performing node_modules install');
-      cmdOptions += '--ignore-scripts --no-audit';
+      cmdOptions += '--no-audit';
     } else {
       logger.debug('Updating lock file only');
-      cmdOptions += '--package-lock-only --ignore-scripts --no-audit';
+      cmdOptions += '--package-lock-only --no-audit';
     }
+
+    if (!getAdminConfig().allowScripts || config.ignoreScripts) {
+      cmdOptions += ' --ignore-scripts';
+    }
+
     const tagConstraint = await getNodeConstraint(config);
     const execOptions: ExecOptions = {
       cwd,

diff --git a/lib/manager/types.ts b/lib/manager/types.ts
@@ -277,6 +277,7 @@ export interface PostUpdateConfig extends ManagerConfig, Record<string, any> {
   updatedPackageFiles?: File[];
   postUpdateOptions?: string[];
   skipInstalls?: boolean;
+  ignoreScripts?: boolean;
 
   platform?: string;
   upgrades?: Upgrade[];