This repository was archived by the owner on Mar 5, 2025. It is now read-only.
I found that the postinstall script in the web3 package attempts to modify files in an unrelated package, @angular-devkit/build-angular. I believe this to be an abuse of NPM script functionality. Packages should not modify files that they don't own without the user's explicit request.
There are other problems with this behavior:
If the @angular-devkit/build-angular package is installed or upgraded after web3, the modifications will not be performed. This makes the build result nondeterministic, and also leads to bugs that may or may not reproduce depending on the order the packages are installed.
The modifications may break a future version of @angular-devkit/build-angular package. If this happens, it will be difficult for the user to find the root cause of the breakage.
The script that performs the modifications assumes that the relative path to the @angular-devkit/build-angular package is ../../node_modules/@angular-devkit. This may not be true, as NPM may use a different directory structure in case of name conflicts. See npm-folders documentation page for details.
If the modifications are needed, they should be performed by a script that the user needs to run explicitly, perhaps as part of their build process.
Expected behavior
Installing web3 package doesn't mess with other packages.
Actual behavior
Installing web3 package attempts to modify a different package.