From 9184cdf4228f46f3e6a47d9afee7cd067f497a3a Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Thu, 22 Apr 2021 16:09:03 +0200
Subject: [PATCH 1/2] fix(npm): repect allowScripts & ignoreScripts

---
 lib/manager/npm/post-update/npm.ts | 9 +++++++--
 lib/manager/types.ts               | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts
index 8b28332155c787..9405b604056a2b 100644
--- a/lib/manager/npm/post-update/npm.ts
+++ b/lib/manager/npm/post-update/npm.ts
@@ -51,11 +51,16 @@ export async function generateLockFile(
     let cmdOptions = '';
     if (postUpdateOptions?.includes('npmDedupe') || skipInstalls === false) {
       logger.debug('Performing node_modules install');
-      cmdOptions += '--ignore-scripts --no-audit';
+      cmdOptions += '--no-audit';
     } else {
       logger.debug('Updating lock file only');
-      cmdOptions += '--package-lock-only --ignore-scripts --no-audit';
+      cmdOptions += '--package-lock-only --no-audit';
     }
+
+    if (!getAdminConfig().allowScripts || config.ignoreScripts) {
+      cmdOptions += ' --ignore-scripts';
+    }
+
     const tagConstraint = await getNodeConstraint(config);
     const execOptions: ExecOptions = {
       cwd,
diff --git a/lib/manager/types.ts b/lib/manager/types.ts
index c73d71f4775962..5cccc8a481b3ab 100644
--- a/lib/manager/types.ts
+++ b/lib/manager/types.ts
@@ -277,6 +277,7 @@ export interface PostUpdateConfig extends ManagerConfig, Record<string, any> {
   updatedPackageFiles?: File[];
   postUpdateOptions?: string[];
   skipInstalls?: boolean;
+  ignoreScripts?: boolean;
 
   platform?: string;
   upgrades?: Upgrade[];

From bd2a05846f075880876ce214c277b2111a25d423 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Thu, 22 Apr 2021 16:55:58 +0200
Subject: [PATCH 2/2] test: fix snapshots

---
 lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap b/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
index ca01a58982538b..bba9f265872a67 100644
--- a/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
+++ b/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
@@ -7,7 +7,7 @@ exports[`generateLockFile finds npm globally 1`] = `Array []`;
 exports[`generateLockFile generates lock files 1`] = `
 Array [
   Object {
-    "cmd": "npm install --ignore-scripts --no-audit",
+    "cmd": "npm install --no-audit --ignore-scripts",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",
@@ -50,7 +50,7 @@ exports[`generateLockFile performs full install 1`] = `Array []`;
 exports[`generateLockFile performs lock file maintenance 1`] = `
 Array [
   Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",
@@ -73,7 +73,7 @@ Array [
 exports[`generateLockFile performs lock file updates 1`] = `
 Array [
   Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit some-dep@1.0.1",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts some-dep@1.0.1",
     "options": Object {
       "cwd": "some-dir",
       "encoding": "utf-8",