--- name: Add a trusted dependency --- Unlike other npm clients, Bun does not execute arbitrary lifecycle scripts for installed dependencies, such as `postinstall` and `node-gyp` builds. These scripts represent a potential security risk, as they can execute arbitrary code on your machine. {% callout %} Soon, Bun will include a built-in allow-list that automatically allows lifecycle scripts to be run by popular packages that are known to be safe. This is still under development. {% /callout %} --- If you are seeing one of the following errors, you are probably trying to use a package that uses `postinstall` to work properly: - `error: could not determine executable to run for package` - `InvalidExe` --- To tell Bun to allow lifecycle scripts for a particular package, add the package to `trustedDependencies` in your package.json. Note that this only allows lifecycle scripts for the specific package listed in `trustedDependencies`, _not_ the dependencies of that dependency! ```json-diff { "name": "my-app", "version": "1.0.0", + "trustedDependencies": ["my-trusted-package"] } ``` --- Once this is added, run a fresh install. Bun will re-install your dependencies and properly install ```sh $ rm -rf node_modules $ rm bun.lockb $ bun install ``` --- Note that this only allows lifecycle scripts for the specific package listed in `trustedDependencies`, _not_ the dependencies of that dependency! --- See [Docs > Package manager > Trusted dependencies](/docs/install/lifecycle) for complete documentation of trusted dependencies. alue='ciro/queue-response-experiment'>ciro/queue-response-experiment Unnamed repository; edit this file 'description' to name the repository.
aboutsummaryrefslogtreecommitdiff
path: root/src/bun.js/builtins/cpp/ReadableStreamBYOBRequestBuiltins.cpp (unfollow)
AgeCommit message (Expand)AuthorFilesLines
2023-01-21Handle string subclasses and new String() in new BufferGravatar Jarred Sumner 1-2/+11
2023-01-21Make Buffer.alloc* 3ns fasterGravatar Jarred Sumner 1-11/+17
2023-01-21[buffer] Make Buffer.from pass more testsGravatar Jarred Sumner 4-92/+179
2023-01-20constructor parameter properties in class expressions (#1867)Gravatar Dylan Conway 2-8/+48
2023-01-20Update transpiler.test.jsbun-v0.5.1Gravatar Jarred Sumner 1-1/+1
2023-01-20Update transpiler.test.jsGravatar Jarred Sumner 1-1/+1
2023-01-20push super before generated statements (#1856)Gravatar Dylan Conway 2-29/+53
2023-01-20Clear the errorsGravatar Jarred Sumner 1-0/+2
2023-01-20one less hash tableGravatar Jarred Sumner 1-2/+13
2023-01-20Add another testGravatar Jarred Sumner 2-1/+11
2023-01-20fix hanging testGravatar Jarred Sumner 1-38/+42
2023-01-20Further cleanup buffer encodingGravatar Jarred Sumner 1-48/+26
2023-01-20Fixes #1855Gravatar Jarred Sumner 2-5/+57
2023-01-20Fix assertion failure with boringssl messagesGravatar Jarred Sumner 3-5/+132
2023-01-19Revert "ignore sighup"Gravatar Jarred Sumner 1-45/+10
2023-01-19ignore sighupGravatar Jarred Sumner 1-10/+45
2023-01-19make this code easier to readGravatar Jarred Sumner 3-29/+26
2023-01-19Update types.zigGravatar Jarred Sumner 1-4/+0
2023-01-19BumpGravatar Jarred Sumner 2-2/+2
2023-01-19Fix buffer encoding bugGravatar Jarred Sumner 2-4/+17
2023-01-19use `String.from()` (#1850)Gravatar Alex Lam S.L 4-5/+12
2023-01-19Bump zigGravatar Jarred Sumner 2-2/+2
2023-01-19make it packedGravatar Jarred Sumner 1-2/+2
2023-01-20Bugfixes to install (#1848)Gravatar Jarred Sumner 5-26/+119
2023-01-19repopulate `alias_map` correctly (#1847)Gravatar Alex Lam S.L 5-70/+240
2023-01-19Add a commentGravatar Jarred Sumner 1-0/+6
2023-01-19Add a debug safety check for UAF in AST nodesGravatar Jarred Sumner 1-0/+5
2023-01-19Fix UAF when opening workspacesGravatar Jarred Sumner 1-2/+0
2023-01-19Improve error message when a workspace is not foundGravatar Jarred Sumner 2-9/+97