From 8c0f7c12ef76b2e539fd731932f5a15040f51f1d Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Thu, 22 Apr 2021 17:11:26 +0200
Subject: [PATCH] fix(npm): repect allowScripts & ignoreScripts (#9684)

Co-authored-by: Rhys Arkins <rhys@arkins.net>
---
 .../npm/post-update/__snapshots__/npm.spec.ts.snap       | 6 +++---
 lib/manager/npm/post-update/npm.ts                       | 9 +++++++--
 lib/manager/types.ts                                     | 1 +
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap b/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
index ca01a58982538b..bba9f265872a67 100644
--- a/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
+++ b/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
@@ -7,7 +7,7 @@ exports[`generateLockFile finds npm globally 1`] = `Array []`;
 exports[`generateLockFile generates lock files 1`] = `
 Array [
   Object {
-    "cmd": "npm install --ignore-scripts --no-audit",
+    "cmd": "npm install --no-audit --ignore-scripts",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",
@@ -50,7 +50,7 @@ exports[`generateLockFile performs full install 1`] = `Array []`;
 exports[`generateLockFile performs lock file maintenance 1`] = `
 Array [
   Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",
@@ -73,7 +73,7 @@ Array [
 exports[`generateLockFile performs lock file updates 1`] = `
 Array [
   Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit some-dep@1.0.1",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts some-dep@1.0.1",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",
diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts
index 8b28332155c787..9405b604056a2b 100644
--- a/lib/manager/npm/post-update/npm.ts
+++ b/lib/manager/npm/post-update/npm.ts
@@ -51,11 +51,16 @@ export async function generateLockFile(
     let cmdOptions = '';
     if (postUpdateOptions?.includes('npmDedupe') || skipInstalls === false) {
       logger.debug('Performing node_modules install');
-      cmdOptions += '--ignore-scripts --no-audit';
+      cmdOptions += '--no-audit';
     } else {
       logger.debug('Updating lock file only');
-      cmdOptions += '--package-lock-only --ignore-scripts --no-audit';
+      cmdOptions += '--package-lock-only --no-audit';
     }
+
+    if (!getAdminConfig().allowScripts || config.ignoreScripts) {
+      cmdOptions += ' --ignore-scripts';
+    }
+
     const tagConstraint = await getNodeConstraint(config);
     const execOptions: ExecOptions = {
       cwd,
diff --git a/lib/manager/types.ts b/lib/manager/types.ts
index c73d71f4775962..5cccc8a481b3ab 100644
--- a/lib/manager/types.ts
+++ b/lib/manager/types.ts
@@ -277,6 +277,7 @@ export interface PostUpdateConfig extends ManagerConfig, Record<string, any> {
   updatedPackageFiles?: File[];
   postUpdateOptions?: string[];
   skipInstalls?: boolean;
+  ignoreScripts?: boolean;
 
   platform?: string;
   upgrades?: Upgrade[];