
Compatibility with `npm --ignore-scripts`

Open anderskiaer opened this issue 11 months ago • 1 comments

If using the security best practice with ignore-scripts (either through the `--ignore-scripts` npm CLI flag, or in `.npmrc`), the asset generator fails with:

```
transforming (1) index.html
PWA v0.19.0
WARNING: you must install the following dev dependencies to use the PWA assets generator:
- "@vite-pwa/assets-generator"
- "sharp" (should be installed when installing @vite-pwa/assets-generator)
- "sharp-ico" (should be installed when installing @vite-pwa/assets-generator)

Error:
Something went wrong installing the "sharp" module

Cannot find module '../build/Release/sharp-linux-x64.node'
```

This looks to be related to usage of `--ignore-scripts`. I have not seen any other packages in the Vite ecosystem that require the ability to run install/post-install scripts, so if the above analysis is correct, should this requirement (possibility to run install scripts) be mentioned in the docs? 🙂


  • https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html#3-minimize-attack-surfaces-by-ignoring-run-scripts
  • Number 3 at https://snyk.io/blog/ten-npm-security-best-practices/

anderskiaer, Mar 01 '24 19:03

Looks like this problem solves itself when updating the sharp dependency (https://github.com/lovell/sharp/issues/3750#issuecomment-1751172728). I.e. #38 also solves this issue.

anderskiaer, Mar 04 '24 20:03