GitHub/Anki
1
0
Fork 0
mirror of https://github.com/ankitects/anki.git synced 2025-09-18 14:02:21 -04:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions

Disable NPM package scripts, and assert lockfile unchanged

Browse source 
With all the recent supply chain attacks, this seems prudent. There are
three in our current package list. esbuild's is just a performance
optimization (https://github.com/evanw/esbuild/issues/4085), and
dprint's gets done when we invoke .bin/dprint anyway. svelte-preprocess
simply prints something to the screen.
This commit is contained in:
Damien Elmes 2025-09-17 09:31:06 +10:00
parent 4506ad0c97
commit 90ed4cc115
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.yarnrc.yml
View file

@ -1 +1,2 @@
nodeLinker: node-modules nodeLinker: node-modules
enableScripts: false

6
build/runner/src/yarn.rs
View file

@ -28,7 +28,11 @@ pub fn setup_yarn(args: YarnArgs) {
.arg("--ignore-scripts"), .arg("--ignore-scripts"),
); );
} else { } else {
run_command(Command::new(&args.yarn_bin).arg("install")); run_command(
Command::new(&args.yarn_bin)
.arg("install")
.arg("--immutable"),
);
} }
std::fs::write(args.stamp, b"").unwrap(); std::fs::write(args.stamp, b"").unwrap();