-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
preinstall and postinstall are not run #853
Comments
This seems to be intentional. However, some alternative will need to be found... especially for the many packages that depend on node-gyp running on install. |
There are a number of modules that use post-install script to download a prebuilt version of a package. (for example: electron-prebuilt, leveldown, sodium-prebuilt) This makes |
we use postinstall in our build to create certain "package" symlinks, would also need some sort of postinstall trigger |
This issue is a duplicate of #721 |
So what is yarn -h
|
postinstall is also not run in create-react-app, which breaks upgrades facebook/create-react-app#896 |
Addressed in #800 |
Fixed via #800. |
Hey guys, good to know we now have full compatibility with the npm package lifecycle. But Do you see that as a concern worth addressing? |
Bit since it's open source, doesn't it make sense to review what you are including in your project anyway? |
@suprMax Any real-world project has at least a couple of hundred dependencies including transitive dependencies. Perhaps I’m doing it wrong (and I’m sure security-oriented startups do this sort of thing), but I’ve never done an audit of all npm scripts of all packages that would be dowloaded prior to installing them or updating them. |
To back this up with data, the project I’m currently working on has 39 |
@tomekwi This case you describe would be just as possible if a third party you used had a security exploit, would it not? Either way, you would be unaware of the security hole in your code. I think your concern is valid to a degree, but I don't think it's yarn's responsibility to fix that, nor do I think they really can fix that. It's the developer's responsibility to manage and update his dependancies carefully IMO. |
Since one of the core selling points of yarn is full compatibility with npm, I agree supporting hook scripts is unavoidable. What I’m frustrated with is the design of npm, which yarn seems to work around pretty neatly in other aspects. #jsfatigue Is |
So what's the status on that issue now? For example, our app uses When I When I This happens for I now worked around this by adding an |
@siebertm Are you using the yarn offline-mirror feature? Is that at all supported, or are there any workarounds that let me use the offline-miror to install from for machines that are not connected to the internet? Any advice would be greatly appreciated! |
You can't, since the downloading process is iniated by the npm package, not
by yarn. Maybe you could ask the node-sass/electron-prebuilt maintainers
about this...
…On Mon, Jan 9, 2017 at 1:55 PM, Janusch ***@***.***> wrote:
@siebertm <https://github.com/siebertm> Are you using the yarn
offline-mirror feature?
I am wondering on how I can get the binaries of e.g. node-sass and
electron into the offline-mirror?
Is that at all supported, or are there any workarounds that let me use the
offline-miror to install from for machines that are not connected to the
internet?
Any advice would be greatly appreciated!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#853 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAAH5atUxkK9DjDdd4TUb5Yy17AmZ8RGks5rQi4wgaJpZM4KUoFM>
.
|
@siebertm I'd be interested to know what you do in your |
@siebertm Thank you for the reply! Could there be a different approach to getting binaries into the offline-mirror? Is it possible to build e.g. the node-sass source locally and then release to the offline-mirror? |
The last one sounds dirty, but take There are valid scenarios for a
|
+1 for this! |
+1 |
2 similar comments
+1 |
+1 |
+1 (for cypress) |
@siebertm I know its been a long time, but I ran into the same problem, so felt I should comment.
I think the build is succeeding locally for you because you have a cached version with scripts run. This is what happened to me. NOTE: The relevant issue is #1671. (It is still open. ) |
Still a problem. postinstall scripts are not running thus breaking compatibility |
This was fixed back in 2016, if you're able to reproduce it now then open a new issue with steps to reproduce |
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
preinstall and postinstall scripts are not run
If the current behavior is a bug, please provide the steps to reproduce.
run
yarn
What is the expected behavior?
preinstall and postinstall scripts are executed
Please mention your node.js, yarn and operating system version.
yarn 0.15.1
node 4.5.0
Windows 7 (running via Cygwin and/or CMD)
The text was updated successfully, but these errors were encountered: