Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

only-allow restricts installation of package as a dependency when the parent uses an alternate package manager. #2

Closed
CxRes opened this issue Mar 22, 2021 · 2 comments · Fixed by #10
Closed

only-allow restricts installation of package as a dependency when the parent uses an alternate package manager. #2

CxRes opened this issue Mar 22, 2021 · 2 comments · Fixed by #10

Comments

@CxRes
Copy link

CxRes commented Mar 22, 2021

As discussed over at discord.

When only-allow is set in a package as a preinstall script, it prevents other packages from installing the given package using an alternate package manager.

For example: if in a package foo with package.json:

{
  ...
  "scripts": {
    "preinstall": "npx -y only-allow pnpm",
    ...
  }
}

then not only can I not do npm install in foo (well if I disregard the bugs in npm v7 which seems to run install before preinstall), I seem to be unable to do in a package bar npm install foo.

Running only allow as a prepare script is also not suitable because:

  • only-allow will unnecessarily be run during publish, and
  • npm install git://path/to/foo.git inside bar will be stopped.

only-allow should only restrict package managers when running npm install in the package itself!
@CxRes
Copy link
Author

CxRes commented Mar 28, 2021
edited

It turns out that npm install has a very unintuitive behavior. According to the folks at npm in an issue I filed with them:

preinstall is a script that runs before the install script, not before the install action. This was discussed in a PR where we proposed changing it, but realized it would be a breaking change: #2713

With this the case, I am not sure how only-allow functionality can even be made to work, no matter which script you use? Any advice (even not a fix) is appreciated.

@jessicamcinchak jessicamcinchak mentioned this issue May 5, 2021
Merged
@golergka
Copy link

Just ran into this exact problem here: JichouP/electron-typescript-ipc#1

@lockiechen lockiechen mentioned this issue May 25, 2022
Merged
zkochan added a commit that referenced this issue Jun 23, 2022
@lockiechen @zkochan @hannoeru
only restrict package managers when running npm install in the packag…
c1aecb2 
…e itself!!! #2 (#10)

* check is dependency

* check is dependency

* check is dependency

* Update bin.js

* add

* add

* add

* add

* Update bin.js

Co-authored-by: ハン / Han <16288797+hannoeru@users.noreply.github.com>

* refactor

* refactor

Co-authored-by: Zoltan Kochan <z@kochan.io>
Co-authored-by: ハン / Han <16288797+hannoeru@users.noreply.github.com>
@neolitec neolitec mentioned this issue Nov 23, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@golergka @CxRes