Skip to content

fix(arborist): don't flag inert optional deps in strict-allow-scripts#9597

Merged
owlstronaut merged 1 commit into
npm:latestfrom
JamieMagee:fix/strict-allow-scripts-inert
Jun 23, 2026
Merged

fix(arborist): don't flag inert optional deps in strict-allow-scripts#9597
owlstronaut merged 1 commit into
npm:latestfrom
JamieMagee:fix/strict-allow-scripts-inert

Conversation

@JamieMagee

Copy link
Copy Markdown
Contributor

Fixes #9562.

strict-allow-scripts walked the ideal tree and rejected inert optional deps like fsevents on Linux, even though reify removes them before any install script runs. The shared collectUnreviewedScripts walk now skips inert nodes, so the strict check matches what actually installs. approve-scripts (actual tree) was already correct.

@owlstronaut owlstronaut merged commit 7655822 into npm:latest Jun 23, 2026
84 checks passed
@github-actions

Copy link
Copy Markdown
Contributor

🎉 Backport to release/v11 created: #9602

owlstronaut pushed a commit that referenced this pull request Jun 23, 2026
…#9602)

Backport of #9597 to `release/v11`.

Co-authored-by: Jamie Magee <jamagee@microsoft.com>
@JamieMagee JamieMagee deleted the fix/strict-allow-scripts-inert branch June 23, 2026 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] "npm ci" with "strict-allow-scripts" rejects package that "approve-scripts" cannot see

2 participants