Is there an existing issue for this?
This issue exists in the latest npm version
This is not just a request to bump a dependency for a CVE
Current Behavior
See the discussion for the analysis. However, basic idea is the use of InBundle causes some lifecycle scripts to be skipped when a package is bundled in the root package.
Expected Behavior
Approve scripts listing of pending lists all and the blocking of scripts till approved in all cases where they would run.
Steps To Reproduce
Smoke test and which commit I ran from all in the mentioned discussion. Commit reference and patch provided in discussion.
Environment
Running from 86416a6 and reviewing approval script code.
; "project" config from C:\git\copilot-worktrees\npm-cli\copilot-implement-rfc-897-plan\.npmrc
package-lock = true
; node bin location = C:\nvm4w\nodejs\node.exe
; node version = v24.16.0
; npm local prefix = C:\git\copilot-worktrees\npm-cli\copilot-implement-rfc-897-plan
; npm version = 11.13.0
; cwd = C:\git\copilot-worktrees\npm-cli\copilot-implement-rfc-897-plan
; HOME = C:\Users\vbjay
; Run `npm config ls -l` to show all defaults.
Is there an existing issue for this?
This issue exists in the latest npm version
This is not just a request to bump a dependency for a CVE
Current Behavior
See the discussion for the analysis. However, basic idea is the use of InBundle causes some lifecycle scripts to be skipped when a package is bundled in the root package.
Expected Behavior
Approve scripts listing of pending lists all and the blocking of scripts till approved in all cases where they would run.
Steps To Reproduce
Smoke test and which commit I ran from all in the mentioned discussion. Commit reference and patch provided in discussion.
Environment
Running from 86416a6 and reviewing approval script code.