getsentry
Add `@sentry/cli` to package.json to `trustedDependencies` when using bun
The wizard should add @sentry/cli to package.json trusted dependencies. https://bun.sh/docs/cli/install#trusted-dependencies when using Bun as a package manager.
See https://github.com/getsentry/sentry-javascript-bundler-plugins/issues/412
Originally posted by @AbhiPrasad in https://github.com/getsentry/sentry-wizard/issues/446#issuecomment-1733781289
I believe we should be good to adjust this in our package installation helper function. Specific wizards shouldn't need to worry about this.
This issue has gone three weeks without activity. In another week, I will close it.
But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!
"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Further investigation: transitive dependencies are not affected by setting their parent in trustedDependencies (source). Meaning, if the install command is to add @sentry/vite-plugin, adding it to trustedDependencies is not going to enable the postinstall script of @sentry/cli. Meaning, we'll most likely have to create an index of packages that somewhere downstream require @sentry/cli, check it before installing, if required, add @sentry/cli to trustedDependencies and run the actual install command.
Also, on the same page:
I wonder if @sentry/cli would qualify for this list.