So, I've used two methods for two different applications/use-cases:
1. You can create a .npmrc file in your project and add:
ignore-scripts=true
When to Use This?
- If you want to disable scripts for all the packages without
affecting others.
- For smaller applications with only a few packages, where you're certain that pre-install and post-install scripts won’t be needed, you can safely disable them. (Use with caution: as some packages may need install scripts)
2. Use overrides in package.json:
The best way to block scripts for only one package is by using the overrides field in package.json:
Step 1: Install the Package (Without Running Scripts Initially)
npm install some-package --ignore-scripts
Step 2:
Add the following in your package.json:
{
"overrides": {
"some-package": {
"scripts": {}
}
}
}
How This Works?
- The overrides section tells NPM: "For some-package, remove all
scripts." Even if someone runs npm install, the scripts inside
some-package will never execute.
When to Use This?
- If you want to disable scripts for a specific package without
affecting others.
- If you work in a team and want to ensure nobody
accidentally runs unwanted scripts.
- If you want a permanent,
project-wide fix.