
Add run-install-scripts flag to disable npm pre/post install scripts by default#24863

Merged
pelikhan merged 3 commits into main from copilot/update-runtime-manager-flags
Apr 6, 2026

Conversation

Contributor

Copilot AI commented Apr 6, 2026

Summary

Updates the runtime manager to emit --ignore-scripts on all generated npm install commands by default, preventing supply chain attacks via malicious npm package install hooks. Adds a run-install-scripts opt-in field for workflows that legitimately need install scripts to execute.

Problem

npm packages can execute arbitrary code during installation via preinstall, postinstall, and other lifecycle scripts. Malicious or compromised packages can use these hooks to exfiltrate secrets, install backdoors, or corrupt the runner environment. This is a known supply chain attack vector.

Previously, the runtime manager generated bare npm install commands with no protection against install scripts.

Changes

Default behaviour (breaking for install scripts)

All generated npm install commands now include --ignore-scripts:

- run: npm install -g @anthropic-ai/claude-code@latest
+ run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest
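Review bot: --ignore-scripts suppresses every lifecycle script in the install, the CLI package's own as well as those of its transitive dependencies, so an engine CLI that depends on a postinstall step would still install cleanly and only fail when the workflow first invokes it. Given that the Smoke Project and Smoke Multi PR runs on this PR reported failures and Smoke Copilot ARM64 was cancelled, it is worth confirming that the smoke workflows exercise an actual invocation of each installed CLI (Claude, Codex, Gemini) after this change, rather than relying on the install step alone to detect a broken opt-out.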

Affected locations:

  • pkg/workflow/nodejs.go — engine CLI installs (Claude, Codex, Gemini)
  • pkg/workflow/qmd.go — QMD documentation tool install
  • actions/setup/setup.sh — framework @actions/github install

New run-install-scripts frontmatter field

Users who need install scripts can opt in globally or per-runtime:

# Global opt-in (all runtimes)
run-install-scripts: true
# Per-runtime opt-in (node only, since it's the only runtime generating npm install commands)
runtimes:
  node:
    run-install-scripts: true

When run-install-scripts: true is set:

  • Non-strict mode: emits a supply chain security warning to stderr and increments the warning count
  • Strict mode: compilation fails with an error

Shared workflow support

The run-install-scripts setting from imported shared agentic workflows is propagated correctly:

  • Per-runtime run-install-scripts merges via the existing mergeRuntimes mechanism
  • Global run-install-scripts is extracted from imports via a new MergedRunInstallScripts bool field in ImportsResult

Schema

run-install-scripts is documented in the JSON schema (both at top-level and in runtimes.*) and will appear in IDE autocompletion.

Package manager research

Package manager    | Pre/post install scripts                | Flag
-------------------|-----------------------------------------|-----------------
npm / yarn / pnpm  | ✅ Yes (preinstall, postinstall, etc.)  | --ignore-scripts
pip / uv           | ❌ No lifecycle scripts                 | N/A
go                 | ❌ No lifecycle scripts                 | N/A
gem / bundler      | ❌ No lifecycle scripts                 | N/A
dotnet             | ❌ No lifecycle scripts                 | N/A
elixir / mix       | ❌ No lifecycle scripts                 | N/A
haskell / cabal    | ❌ No lifecycle scripts                 | N/A
java / maven       | ❌ No lifecycle scripts                 | N/A

Only npm has meaningful pre/post install scripts among the supported runtimes, so --ignore-scripts is the only relevant flag.

Tests

  • pkg/workflow/run_install_scripts_validation_test.go — new file with comprehensive unit tests
  • Updated claude_engine_test.go and engine_includes_test.go to expect --ignore-scripts
  • All 181 lock files recompiled with updated npm install commands
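The resolution, command generation and validation that the PR description above lays out, as an added Go example that is not the project's own pkg/workflow code: the Frontmatter and RuntimeConfig types, the function names and the warning text are assumptions for this illustration. It resolves run-install-scripts from the global key, the node runtime key and an imports-merged value using the OR semantics the review comments describe, emits --ignore-scripts unless scripts were enabled, and decides between warning and error using the effective strictness (CLI flag OR frontmatter strict key) that the reviewer suggests instead of the CLI flag alone.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// RuntimeConfig is an assumed, trimmed-down view of a per-runtime frontmatter
// block (runtimes.node); only the field this example needs is modelled.
type RuntimeConfig struct {
	RunInstallScripts *bool // nil when the key is absent
}

// Frontmatter is an assumed, trimmed-down view of a workflow's frontmatter.
type Frontmatter struct {
	Strict            bool // the frontmatter "strict" key
	RunInstallScripts *bool
	Runtimes          map[string]RuntimeConfig
}

// ResolveRunInstallScripts reproduces the OR-based resolution the review
// comments describe: the global key, the node runtime key and the value merged
// from imports each independently enable install scripts, so a per-runtime
// false cannot cancel a global true.
func ResolveRunInstallScripts(fm Frontmatter, importsMerged bool) bool {
	enabled := importsMerged
	if fm.RunInstallScripts != nil && *fm.RunInstallScripts {
		enabled = true
	}
	if node, ok := fm.Runtimes["node"]; ok && node.RunInstallScripts != nil && *node.RunInstallScripts {
		enabled = true
	}
	return enabled
}

// NpmInstallCommand builds the global install line; --ignore-scripts is
// emitted unless the workflow explicitly opted in to lifecycle scripts.
func NpmInstallCommand(pkg string, runInstallScripts bool) string {
	args := []string{"npm", "install"}
	if !runInstallScripts {
		args = append(args, "--ignore-scripts")
	}
	args = append(args, "-g", pkg)
	return strings.Join(args, " ")
}

// ErrStrictInstallScripts is returned when a strict workflow opts in to scripts.
var ErrStrictInstallScripts = errors.New("strict mode: run-install-scripts: true allows npm install scripts to execute")

// ValidateRunInstallScripts returns a warning in non-strict mode and an error
// in strict mode. Strictness is the OR of the CLI flag and the frontmatter
// "strict" key (the effective-strictness rule from the review), not the CLI
// flag alone.
func ValidateRunInstallScripts(runInstallScripts, cliStrict bool, fm Frontmatter) (warning string, err error) {
	if !runInstallScripts {
		return "", nil
	}
	if cliStrict || fm.Strict {
		return "", ErrStrictInstallScripts
	}
	return "run-install-scripts: true allows npm pre/post install scripts to execute (supply chain risk)", nil
}

func boolPtr(b bool) *bool { return &b }

func main() {
	// Constructed frontmatter: strict via the frontmatter key, node runtime opts in.
	fm := Frontmatter{
		Strict:   true,
		Runtimes: map[string]RuntimeConfig{"node": {RunInstallScripts: boolPtr(true)}},
	}
	run := ResolveRunInstallScripts(fm, false)
	fmt.Println(NpmInstallCommand("@anthropic-ai/claude-code@latest", run))
	if _, err := ValidateRunInstallScripts(run, false, fm); err != nil {
		fmt.Println("compile error:", err)
	}
}
```

With the CLI flag off and strict set only in the frontmatter, the example still rejects the opt-in, which is the case the review comments say the merged validator misses. Resolving with a global true and a node-level false yields true, matching the OR semantics the last review comment contrasts with the schema's "overrides" wording.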
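A defender-side check that complements the Problem section above, as an added Go example that is not part of this PR: before opting a workflow in with run-install-scripts: true, list which installed packages actually declare install-time hooks, so the opt-in can be justified per package instead of re-enabling scripts for everything. The scanner walks a node_modules tree, reads each package.json and reports any preinstall, install or postinstall script. The two-package fixture, its manifests and the function names are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// lifecycleHooks are the npm script names that run automatically during
// `npm install`; these are the hooks --ignore-scripts suppresses.
var lifecycleHooks = []string{"preinstall", "install", "postinstall"}

// HookReport maps a package name to the install-time hooks it declares.
type HookReport map[string][]string

// ScanInstallHooks walks a node_modules tree and reports every package whose
// package.json declares an install-time lifecycle script.
func ScanInstallHooks(nodeModules string) (HookReport, error) {
	report := HookReport{}
	walk := func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.IsDir() || d.Name() != "package.json" {
			return nil
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		var manifest struct {
			Name    string            `json:"name"`
			Scripts map[string]string `json:"scripts"`
		}
		if err := json.Unmarshal(data, &manifest); err != nil {
			return nil // not a manifest we can parse; skip rather than abort the audit
		}
		var found []string
		for _, hook := range lifecycleHooks {
			if _, ok := manifest.Scripts[hook]; ok {
				found = append(found, hook)
			}
		}
		if len(found) > 0 {
			name := manifest.Name
			if name == "" {
				name = filepath.Base(filepath.Dir(path))
			}
			report[name] = found
		}
		return nil
	}
	err := filepath.WalkDir(nodeModules, walk)
	return report, err
}

// WriteFixture creates a constructed node_modules tree under root: one package
// declaring a postinstall hook and one pure-JS package without install hooks.
func WriteFixture(root string) error {
	manifests := map[string]string{
		"example-native-binding": `{"name":"example-native-binding","version":"1.0.0","scripts":{"postinstall":"node-gyp rebuild"}}`,
		"example-pure-js":        `{"name":"example-pure-js","version":"2.0.0","scripts":{"test":"node test.js"}}`,
	}
	for dir, body := range manifests {
		pkgDir := filepath.Join(root, "node_modules", dir)
		if err := os.MkdirAll(pkgDir, 0o755); err != nil {
			return err
		}
		if err := os.WriteFile(filepath.Join(pkgDir, "package.json"), []byte(body), 0o644); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "install-hooks-audit")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := WriteFixture(root); err != nil {
		panic(err)
	}
	report, err := ScanInstallHooks(filepath.Join(root, "node_modules"))
	if err != nil {
		panic(err)
	}
	names := make([]string, 0, len(report))
	for name := range report {
		names = append(names, name)
	}
	sort.Strings(names)
	for _, name := range names {
		fmt.Printf("%s declares install hooks: %v\n", name, report[name])
	}
}
```

Run against a real tree by pointing ScanInstallHooks at the runner's node_modules after an --ignore-scripts install; an empty report means the opt-in buys nothing, while a non-empty one names exactly the packages whose hooks would run if run-install-scripts: true were set.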

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Apr 6, 2026

@copilot rename run-scripts to run-install-scripts

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/eaec605c-e5b6-4781-936e-4744f3448919

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor Author

Copilot AI commented Apr 6, 2026

@copilot rename run-scripts to run-install-scripts

Done in 75d5400. Renamed run-scripts → run-install-scripts throughout — JSON field names, Go struct/variable identifiers, schema, validation file names, and all comments/docs.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title from "Add run-scripts flag to disable npm pre/post install scripts by default" to "Add run-install-scripts flag to disable npm pre/post install scripts by default" Apr 6, 2026
@github-actions
Contributor

github-actions bot commented Apr 6, 2026

📰 DEVELOPING STORY: Smoke Copilot ARM64 reports was cancelled. Our correspondents are investigating the incident...

@github-actions
Contributor

github-actions bot commented Apr 6, 2026

Smoke Project encountered failures. Check the logs for details.

@github-actions
Contributor

github-actions bot commented Apr 6, 2026

Smoke Multi PR failed to create multiple PRs. Check the logs.

@github-actions
Contributor

github-actions bot commented Apr 6, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions github-actions bot removed the smoke label Apr 6, 2026
@pelikhan pelikhan marked this pull request as ready for review April 6, 2026 14:23
Copilot AI review requested due to automatic review settings April 6, 2026 14:23
@pelikhan pelikhan merged commit dd4b4eb into main Apr 6, 2026
335 of 451 checks passed
@pelikhan pelikhan deleted the copilot/update-runtime-manager-flags branch April 6, 2026 14:25
Contributor

Copilot AI left a comment


Pull request overview

This PR hardens generated workflow npm installs by defaulting to --ignore-scripts to prevent execution of npm lifecycle hooks, and introduces a run-install-scripts frontmatter opt-in that surfaces warnings (or errors in strict mode).

Changes:

  • Add workflow-level resolution + validation for run-install-scripts (including import propagation).
  • Update generated npm install commands to include --ignore-scripts by default.
  • Regenerate affected workflow lock files and update unit tests/schema for the new setting.
Summary per file:

  pkg/workflow/run_install_scripts_validation.go: Adds resolution + compiler validation for run-install-scripts.
  pkg/workflow/run_install_scripts_validation_test.go: Adds unit tests covering resolution, npm step generation, and validation behavior.
  pkg/workflow/nodejs.go: Adds runInstallScripts plumbing and defaults npm install to --ignore-scripts.
  pkg/workflow/qmd.go: Adds --ignore-scripts to qmd SDK npm install step.
  pkg/workflow/frontmatter_types.go: Extends typed frontmatter/runtime configs to include run-install-scripts.
  pkg/workflow/engine_helpers.go: Passes WorkflowData.RunInstallScripts into npm engine install step generation.
  pkg/workflow/compiler_types.go: Stores resolved RunInstallScripts on WorkflowData.
  pkg/workflow/compiler_orchestrator_tools.go: Resolves RunInstallScripts from frontmatter + merged runtimes + imports.
  pkg/workflow/compiler_orchestrator_workflow.go: Invokes run-install-scripts validation during workflow parsing.
  pkg/workflow/claude_engine_test.go: Updates expected install commands to include --ignore-scripts.
  pkg/workflow/engine_includes_test.go: Updates lockfile expectation for npm install to include --ignore-scripts.
  pkg/parser/import_processor.go: Adds MergedRunInstallScripts to imports result to propagate import settings.
  pkg/parser/import_field_extractor.go: Extracts run-install-scripts from imported workflows (global and node runtime).
  pkg/parser/schemas/main_workflow_schema.json: Documents run-install-scripts at top-level and per-runtime in schema.
  actions/setup/setup.sh: Adds --ignore-scripts to runtime installation of @actions/github.

  Regenerated lock workflows with --ignore-scripts on npm installs (.github/workflows/<name>.lock.yml):
    weekly-blog-post-writer, unbloat-docs, typist, test-create-pr-error-handling, technical-doc-writer,
    step-name-alignment, static-analysis-report, smoke-gemini, smoke-codex, smoke-claude, smoke-call-workflow,
    smoke-agent-scoped-approved, smoke-agent-public-none, smoke-agent-public-approved, smoke-agent-all-none,
    smoke-agent-all-merged, sergo, semantic-function-refactor, scout, schema-feature-coverage,
    schema-consistency-checker, safe-output-health, prompt-clustering-analysis, lockfile-stats, issue-arborist,
    instructions-janitor, hourly-ci-cleaner, grumpy-reviewer, go-pattern-detector, go-logger, go-fan,
    glossary-maintainer, github-mcp-tools-report, github-mcp-structural-analysis, example-workflow-analyzer,
    duplicate-code-detector, dictation-prompt, developer-docs-consolidator, dev, deep-report,
    daily-team-evolution-insights, daily-security-red-team, daily-safe-outputs-conformance,
    daily-safe-output-optimizer, daily-rendering-scripts-verifier, daily-otel-instrumentation-advisor,
    daily-observability-report, daily-multi-device-docs-tester, daily-function-namer, daily-fact,
    daily-doc-updater, daily-doc-healer, daily-code-metrics, daily-choice-test, copilot-session-insights,
    copilot-agent-analysis, commit-changes-analyzer, codex-github-remote-mcp-test, cloclo, cli-version-checker,
    claude-code-user-docs-review, ci-doctor, changeset, blog-auditor, audit-workflows, ai-moderator

Copilot's findings


  • Files reviewed: 81/81 changed files
  • Comments generated: 4

Comment on lines +72 to +75
// Validate run-install-scripts setting (warning in non-strict mode, error in strict mode)
if err := c.validateRunInstallScripts(workflowData); err != nil {
	return nil, fmt.Errorf("%s: %w", cleanPath, err)
}

Copilot AI Apr 6, 2026


validateRunInstallScripts is executed after setupEngineAndImports restores c.strictMode back to its initial (CLI) value, so workflows that are strict via frontmatter default/strict: true will incorrectly get a warning instead of an error. Consider running this validation while c.strictMode is set to effectiveStrictMode(result.Frontmatter) (similar to validateUpdateCheck), or compute strictness from workflowData.RawFrontmatter inside the validator.

Comment on lines +96 to +100
if c.strictMode {
	return fmt.Errorf("strict mode: %s", warningMsg)
}

fmt.Fprintln(os.Stderr, console.FormatWarningMessage(warningMsg))

Copilot AI Apr 6, 2026


This validator uses c.strictMode, but that field represents the CLI flag and may not reflect the workflow’s effective strictness (frontmatter default is strict). Use c.effectiveStrictMode(workflowData.RawFrontmatter) (or pass the effective strict value in) to decide between warning vs error, otherwise run-install-scripts: true won’t be rejected in strict workflows unless the CLI strict flag is set.

Comment on lines 495 to 501
  // Install the @tobilu/qmd SDK into the gh-aw actions directory so qmd_index.cjs
  // can require('@tobilu/qmd') via the adjacent node_modules folder.
  npmInstall := " - name: Install @tobilu/qmd SDK\n"
  npmInstall += ifCacheMiss
  npmInstall += " run: |\n"
- npmInstall += fmt.Sprintf(" npm install --prefix \"${{ runner.temp }}/gh-aw/actions\" --legacy-peer-deps @tobilu/qmd@%s @actions/github\n", version)
+ npmInstall += fmt.Sprintf(" npm install --ignore-scripts --prefix \"${{ runner.temp }}/gh-aw/actions\" --legacy-peer-deps @tobilu/qmd@%s @actions/github\n", version)
  steps = append(steps, npmInstall)

Copilot AI Apr 6, 2026


The generated qmd install command always includes --ignore-scripts and does not appear to respect the new run-install-scripts: true opt-in. If run-install-scripts is intended to disable --ignore-scripts for all generated npm installs, thread WorkflowData.RunInstallScripts into qmd step generation (e.g., by passing a flag into generateQmdIndexSteps) and conditionally omit the flag.

Comment on lines +8720 to +8724
"run-install-scripts": {
"type": "boolean",
"default": false,
"description": "Allow npm pre/post install scripts to execute for this runtime during package installation. Overrides the global run-install-scripts setting for this specific runtime. Only affects runtimes that generate npm install commands (node). A supply chain security warning is emitted at compile time; in strict mode this is an error.",
"examples": [false, true]

Copilot AI Apr 6, 2026


Schema text says per-runtime run-install-scripts "overrides" the global setting, but the current resolution logic is OR-based (any true enables scripts) and there’s no way for a per-runtime false to override a global true. Either adjust the schema description to match the implemented semantics, or implement precedence/override behavior.



3 participants