Skip to content

fix: suggest --allow-scripts for global installs in unreviewed-scripts warnings#9469

Merged
owlstronaut merged 4 commits into
npm:latestfrom
JamieMagee:jamimagee/global-allow-scripts-warning
Jun 3, 2026
Merged

fix: suggest --allow-scripts for global installs in unreviewed-scripts warnings#9469
owlstronaut merged 4 commits into
npm:latestfrom
JamieMagee:jamimagee/global-allow-scripts-warning

Conversation

@JamieMagee
Copy link
Copy Markdown
Contributor

@JamieMagee JamieMagee commented Jun 2, 2026

The unreviewed-scripts warning told users to run npm approve-scripts, which fails on global installs and npx/exec because there's no project package.json to write to. The warnings now check npm.global and point global users at the --allow-scripts flag and the allow-scripts .npmrc setting instead.

Covers the install warning (reify-output), the rebuild advisory warning, and the strict-allow-scripts preflight error. Also updates the approve-scripts docs.

References

Fixes #9457

@JamieMagee JamieMagee requested review from a team as code owners June 2, 2026 18:53
ljharb
ljharb reviewed Jun 2, 2026
View reviewed changes
Comment thread lib/commands/rebuild.js Outdated
@JamieMagee JamieMagee requested a review from ljharb June 2, 2026 23:57
ljharb
ljharb reviewed Jun 2, 2026
View reviewed changes
Comment thread lib/commands/rebuild.js Outdated
Comment thread lib/utils/reify-output.js Outdated
Comment thread lib/utils/strict-allow-scripts-preflight.js Outdated
owlstronaut
owlstronaut reviewed Jun 3, 2026
View reviewed changes
Comment thread lib/utils/strict-allow-scripts-preflight.js Outdated
@JamieMagee JamieMagee requested review from ljharb and owlstronaut June 3, 2026 17:51
@owlstronaut owlstronaut merged commit 6603b2c into npm:latest Jun 3, 2026
27 checks passed
@github-actions github-actions Bot mentioned this pull request Jun 3, 2026
Merged
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 3, 2026

🎉 Backport to release/v11 created: #9481

@github-actions github-actions Bot mentioned this pull request Jun 3, 2026
Open
owlstronaut pushed a commit that referenced this pull request Jun 3, 2026
@github-actions @JamieMagee
fix: suggest --allow-scripts for global installs in unreviewed-script…
c14e87c 
…s warnings (#9481)

Backport of #9469 to `release/v11`.

Co-authored-by: Jamie Magee <jamie.magee@gmail.com>
@JamieMagee JamieMagee deleted the jamimagee/global-allow-scripts-warning branch June 3, 2026 21:43
@JamieMagee JamieMagee mentioned this pull request Jun 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@owlstronaut owlstronaut owlstronaut approved these changes

@ljharb ljharb Awaiting requested review from ljharb

Assignees

No one assigned

Labels

backport:v11

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Unreviewed-scripts warning suggests npm approve-scripts during global installs, where it can't work

3 participants

@JamieMagee @ljharb @owlstronaut