I realize this will probably break Husky from automatically getting set up.
This would be a somewhat restrictive change, since we do occasionally need postinstall scripts, especially when a dependency needs to compile native C or C++ modules. If we go down this path, it would make more sense to switch to a better package manager that supports whitelisting packages allowed to run postinstall scripts, such as Bun. These modern package managers also come with several additional benefits, like cooldown periods when installing new dependencies, and they are also insanely fast.
Is this needed for this repo, however?
I hesitate to diverge from using a package manager different from what is being used in core or Gutenberg.
Not sure, but it's just a possibility in addition to what you noted for husky.
In the meantime, I've added a
Also, it would be better if we can add a command like |
This is a security hardening improvement.
See Core-64543.
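
An added example, not code from this PR or from the WordPress project: before restricting which dependencies may run postinstall scripts, as discussed above, it helps to see which locked packages declare them at all. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3, where such packages carry `hasInstallScript: true`; the package names, the allowlist and the function names are constructed for illustration.

```javascript
// Constructed sample lockfile; every package name here is made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-plugin", version: "1.0.0" },
    "node_modules/example-native-addon": { version: "2.1.0", hasInstallScript: true },
    "node_modules/example-telemetry": { version: "0.4.2", dev: true, hasInstallScript: true },
    "node_modules/example-plain": { version: "1.0.0" },
    "node_modules/example-plain/node_modules/@example/nested-tool": {
      version: "3.0.0",
      hasInstallScript: true,
    },
  },
};

// Lockfile keys are install paths; the package name is whatever follows
// the last "node_modules/" segment (this keeps scoped names intact).
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// Split packages that declare preinstall/install/postinstall scripts into
// those on the reviewed allowlist and those nobody has looked at yet.
// The allowlist matches on name only; pinning versions is left to the lockfile.
function auditInstallScripts(lock, allowlist) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("no 'packages' map: lockfileVersion 1 is not supported");
  }
  const reviewed = new Set(allowlist);
  const report = { allowed: [], unreviewed: [] };
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || !entry.hasInstallScript) continue; // skip the root project
    const item = {
      name: packageName(path),
      version: entry.version,
      path,
      dev: Boolean(entry.dev),
    };
    (reviewed.has(item.name) ? report.allowed : report.unreviewed).push(item);
  }
  return report;
}

const report = auditInstallScripts(SAMPLE_LOCK, ["example-native-addon"]);
console.log(JSON.stringify(report, null, 2));
```

To run it against a real project, pass the parsed contents of `package-lock.json` instead of `SAMPLE_LOCK`; a non-empty `unreviewed` list is what would need a decision before scripts are disabled or allow-listed.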