Disallow npm install to run other scripts

Published: November 17, 2019

When installing packages from NPM, the packages could run preinstall and postinstall scripts. This could potentially be malicious code or viruses allowed to run directly on your computer.

This could be disallowed with

npm install --ignore-scripts

or disallowed all the time with

npm config set ignore-scripts true

This could lead to problems you need to fix if the package relies on those scripts. Kind of a hassle versus safety dilemma.

More information on the npm blog