npm
[RRFC] Development lifecycle scripts (hooks)
Motivation ("The Why")
Sometimes in a project, there is a need to setup the development environment or enforce some policies on dependencies used in the project. However, npm doesn't provide a way to hook into its process and lifecycle scripts such as postinstall are (ab)used:
huskyusespostinstallto autoinstall Git hooks andpinstto disable them in the productionpostinstall-postinstallruns the app'spostinstallscript during itspostinstallscript- TBA
Furthermore, there is no way to run a script if the dependency tree of the pakcage has changed, i.e., a dependency is added or removed.
Example
As mentioned above, it can be used to setup the development environment or enforce some policies on dependencies used in the project.
How
Current Behaviour
postinstallscript runs afternpm install, but also runs when the package is installed as a dependencypreparescript runs afternpm install, but also before the pakcage is packed- Both scripts don't run when the dependency tree is changed and there is no way to trigger a script in this case
Desired Behaviour
- A new lifecycle, such as
preinstalldepandpostinstalldep - or, hook scripts that run before and after the dependency tree has changed (
reify)
References
- Old RFC #34 exists but seems stalled
- Alternative to #325
- Related to #437
Other package managers
- Yarn 1: undocumented hooks can wrap each step (https://github.com/yarnpkg/yarn/pull/7557)
- Yarn 2: hooks can be added via a plugin (https://yarnpkg.com/advanced/plugin-tutorial#using-hooks)
- pnpm: hooks can be added via configuration (https://pnpm.io/pnpmfile)
A post-reify script would be useful. We try to run a script to remove the resolved key from package-lock after any modifications because we build packages against different registries. We have some wrappers that 'know' which npm commands update the lock file, but if the wrapper is wrong or not used the lock file ends up in a dirty state. #486
