fix(npm): repect allowScripts & ignoreScripts (#9684)

Co-authored-by: Rhys Arkins <rhys@arkins.net>

fix(npm): repect allowScripts & ignoreScripts (#9684)
8c0f7c12 · Michael Kriese · GitHub · cf460434 · 8c0f7c12 · 8c0f7c12
Unverified Commit 8c0f7c12 authored Apr 22, 2021 by Michael Kriese Committed by GitHub Apr 22, 2021
--- a/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
+++ b/lib/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
@@ -7,7 +7,7 @@ exports[`generateLockFile finds npm globally 1`] = `Array []`;
 exports[`generateLockFile generates lock files 1`] = `
 Array [
  Object {
-    "cmd": "npm install --ignore-scripts --no-audit",
+    "cmd": "npm install --no-audit --ignore-scripts",
    "options": Object {
      "cwd": "some-dir",
      "encoding": "utf-8",
@@ -50,7 +50,7 @@ exports[`generateLockFile performs full install 1`] = `Array []`;
 exports[`generateLockFile performs lock file maintenance 1`] = `
 Array [
  Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts",
    "options": Object {
      "cwd": "some-dir",
      "encoding": "utf-8",
@@ -73,7 +73,7 @@ Array [
 exports[`generateLockFile performs lock file updates 1`] = `
 Array [
  Object {
-    "cmd": "npm install --package-lock-only --ignore-scripts --no-audit some-dep@1.0.1",
+    "cmd": "npm install --package-lock-only --no-audit --ignore-scripts some-dep@1.0.1",
    "options": Object {
      "cwd": "some-dir",
      "encoding": "utf-8",

--- a/lib/manager/npm/post-update/npm.ts
+++ b/lib/manager/npm/post-update/npm.ts
@@ -51,11 +51,16 @@ export async function generateLockFile(
    let cmdOptions = '';
    if (postUpdateOptions?.includes('npmDedupe') || skipInstalls === false) {
      logger.debug('Performing node_modules install');
-      cmdOptions += '--ignore-scripts --no-audit';
+      cmdOptions += '--no-audit';
    } else {
      logger.debug('Updating lock file only');
-      cmdOptions += '--package-lock-only --ignore-scripts --no-audit';
+      cmdOptions += '--package-lock-only --no-audit';
    }
+    if (!getAdminConfig().allowScripts || config.ignoreScripts) {
+      cmdOptions += ' --ignore-scripts';
+    }
    const tagConstraint = await getNodeConstraint(config);
    const execOptions: ExecOptions = {
      cwd,

--- a/lib/manager/types.ts
+++ b/lib/manager/types.ts
@@ -277,6 +277,7 @@ export interface PostUpdateConfig extends ManagerConfig, Record<string, any> {
  updatedPackageFiles?: File[];
  postUpdateOptions?: string[];
  skipInstalls?: boolean;
+  ignoreScripts?: boolean;
  platform?: string;
  upgrades?: Upgrade[];