change install from npm scripts postinstall to optionalDependencies #1675
Conversation
|
not sure if I made the right GitHub action, better check it carefully |
|
I agree that we should move to this approach. It also addresses a couple of issues:
|
| console.debug(`Creating folder ${folder}`) | ||
| await mkdir(`${folder}/bin`, { recursive: true }) | ||
| console.debug(`Copying files to ${folder}`) | ||
| await writeFile(`${folder}/package.json`, packageJson.replace(/{platform}/g, platform.os).replace(/{arch}/g, platform.arch).replace(/{version}/g, mainPackage.version)) |
There was a problem hiding this comment.
Maybe use .replaceAll('{platform}', ...)? don't this we need regex here.
There was a problem hiding this comment.
What are the advantages of using replaceAll instead of replace with a global flag?
There was a problem hiding this comment.
readers don't need to parse regex in mind
|
fwiw, I'm implementing this in goreleaser as well... for what I can tell, this does not seem to work. The platform-specific dependency is downloaded, but it seems the binary is never put in the right places.
fwiw, here's the packages: |
|
Thanks for your PR |
5 participants
Fix: go-task/go-npm#11
Change install from npm
postinstall script -> optionalDependencies
postinstallcan be a vulnerable script, which is why some installations ignore all hooksit also forces the installer to execute code making the installation slower and providing a bad experience
it is better to use
optionalDependencies, which will allow you to install a binary image for a specific operating systemthis will be faster and clearer, and will also prevent evil code to execute on your machine