|
| 1 | +# RFC: Add `preunpack` life cycle script |
| 2 | + |
| 3 | +## Summary |
| 4 | + |
| 5 | +Add a `preunpack` life cycle script that runs before anything else. |
| 6 | + |
| 7 | +## Motivation |
| 8 | + |
| 9 | +npm v7 introduced a new order of running the `preinstall` script, where it runs **after** dependencies are installed, breaking backward compatibility with packages expecting to run a script **before** dependencies are installed. |
| 10 | + |
| 11 | +By introducing a new life cycle script that will run first in the execution order, we can give a path forward to packages that require a script to run **before** dependencies are installed. |
| 12 | + |
| 13 | +Use cases: |
| 14 | + |
| 15 | +* Handling authentication for private registries with short-lived tokens (i.e., AWS, GCP, Azure) |
| 16 | +* Generating workspaces from gRPC proto files before workspaces and dependencies get evaluated. |
| 17 | + |
| 18 | +## Detailed Explanation |
| 19 | + |
| 20 | +A `preunpack` life cycle script that is **first** in execution order: |
| 21 | + |
| 22 | +* Runs on local `npm install` without any arguments |
| 23 | +* Runs on non-local `npm install` (from a package installing the package) |
| 24 | +* Runs on `npm ci` |
| 25 | + |
| 26 | +Example usage in the case of handling authentication for AWS CodeArtifact: |
| 27 | + |
| 28 | +```json |
| 29 | +{ |
| 30 | + "name": "my-app", |
| 31 | + "version": "1.0.0", |
| 32 | + "description": "A sample application consuming a private scoped npm package", |
| 33 | + "main": "index.js", |
| 34 | + "scripts": { |
| 35 | + "preunpack": "npm run co:login", |
| 36 | + "co:login": "aws codeartifact login --tool npm --repository my-repo --domain my-domain" |
| 37 | + }, |
| 38 | + "dependencies": { |
| 39 | + "@myorg/my-package": "^1.0.0" |
| 40 | + } |
| 41 | +} |
| 42 | +``` |
| 43 | + |
| 44 | +When running `npm install`, the `npm run co:login` will be run before any dependencies are installed. |
| 45 | + |
| 46 | +## Rationale and Alternatives |
| 47 | + |
| 48 | +### Implement a separate top level "events" field |
| 49 | + |
| 50 | +The idea here would be to implement a top-level "events" field to keep the current behavior of "scripts" while providing a better implementation elsewhere as described in [this comment](https://github.com/npm/cli/issues/2660#issuecomment-794415767). |
| 51 | + |
| 52 | +This approach would undoubtedly address the use cases outlined above, but the scope may be too large when we need a quicker stop-gap for the interim. |
| 53 | + |
| 54 | +### Revert back to the `preinstall` functionality from versions before v7 |
| 55 | + |
| 56 | +See [Unresolved Questions and Bikeshedding](#unresolved-questions-and-bikeshedding). |
| 57 | + |
| 58 | +## Implementation |
| 59 | + |
| 60 | +<!-- Give a high-level overview of implementation requirements and concerns. Be specific about areas of code that need to change, and what their potential effects are. Discuss which repositories and sub-components will be affected, and what its overall code effect might be. --> |
| 61 | + |
| 62 | +<!-- THIS SECTION IS REQUIRED FOR RATIFICATION -- you can skip it if you don't know the technical details when first submitting the proposal, but it must be there before it's accepted --> |
| 63 | + |
| 64 | +## Prior Art |
| 65 | + |
| 66 | +* npm v6 |
| 67 | + |
| 68 | +## Unresolved Questions and Bikeshedding |
| 69 | + |
| 70 | +* Are there any security implications with this approach? |
| 71 | +* Are we sure we don't want to revert back to the `preinstall` functionality of npm v6? |
| 72 | + |
| 73 | +<!-- THIS SECTION SHOULD BE REMOVED BEFORE RATIFICATION --> |
0 commit comments