typicode / pinst Goto Github PK

View Code? Open in Web Editor NEW

256.0 4.0 8.0 438 KB

🍺 dev only postinstall hooks (package.json)

License: MIT License

JavaScript 98.24% Shell 1.76%

npm hooks postinstall dev production yarn pnpm hook

pinst's Introduction

pinst

pinst lets you have postinstall hook that runs only in dev 🍺

Important if your project is using npm or pnpm, you can achieve the desired effect by setting a prepare hook instead. pinst is mainly useful for Yarn 2+ since it doesn't support prepare hook. See https://yarnpkg.com/advanced/lifecycle-scripts

Usage

// package.json
{
  "scripts": {
    "postinstall": "<some dev only command>",
    "prepack": "pinst --disable",
    "postpack": "pinst --enable"
  }
}

On prepack, postinstall will be renamed to _postinstall (disabled)

On postpack, it will be renamed back to postinstall (enabled)

CLI

pinst accepts the following flags:

--enable, -e   Enable postinstall hook
--disable, -d  Disable postinstall hook
--silent, -s

Tips

By inverting commands, you can also use pinst to enable postinstall for your users only and not yourself.

pinst also supports install alias.

License

MIT - Typicode 🌵

pinst's People

Contributors

Stargazers

Watchers

Forkers

kytta ozum imcuttle long-lazuli phiberber contaazul

pinst's Issues

Upgrade meow dependency

npm is failing a security audit due to an outdated meow dependency. Current meow dependency is 5.x; latest meow version (8.x) has a fixed yargs-parser dependency.

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ pinst [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ pinst > meow > yargs-parser                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 1496 scanned packages

Packages that use pinst are broken when they are installed with npm 10.4.0 and later

Hello.

Just a heads up that npm 10.4.0 and later seem to have broken pinst. It seems that npm 10.4.0 runs scripts named _postinstall after package installation exactly as if they were named postinstall.

This seems to be a bug in npm, but I am reporting it here for visibility. See npm/cli#7322.

Recommendation for Yarn v2+

First of all, thank you for pinst and husky, I love these packages so much! ❤️

Regarding my question, as you know from husky, Yarn v2+ has narrower support for lifecycle hooks. Instead of prepublishOnly I think it's ok to use prepack, but postpack seems to be running before publish, so is there a general recommendation for using pinst with Yarn v2+?

preinstall

Hi,

Is it possible to add preinstall script?

(dev only preinstall hooks)

Thanks,

npm running _postinstall!?!??!

I have the following package.json

  "scripts": {
    "prepack": "pinst --disable",
    "postpack": "pinst --enable",
    "postinstall": "run-my-thing"
  },

When I publish this package, as expected, the tarball contains:

  "scripts": {
    "prepack": "pinst --disable",
    "postpack": "pinst --enable",
    "_postinstall": "run-my-thing"
  },

But, shockingly, when I npx this module (or npm i in a blank project), it tries to run run-my-thing. What could POSSIBLY be causing this? I am so very confused.

Define dev only command with users only command at the same time.

Is there some way we can define dev only command with users only command at the same time?

{
  "scripts": {
	"postinstall_for_users": "<some scripts only run on when users install the package>",
	"postinstall_for_dev": "<some dev command>"
  }
}

Indent level not preserved after re-enabling postinstall script

In my projects (both personal and work), I have my indentation level set to 4 spaces. However, it looks like this script is hard-coded to write the package.json file out with 2 spaces. It would be nice if it detected the indentation level automatically so I didn't have to add git reset head --hard to the postpublish script along with pinst --enable.

Thanks!