
bun: Add --ignore-scripts to bun install/update commands #14373

Merged
thavaahariharangit merged 2 commits into dependabot:main from RyPeck:bun-ignore-scripts
Apr 7, 2026

@RyPeck RyPeck commented Mar 5, 2026

What are you trying to accomplish?

Skip lifecycle scripts (postinstall, prepare, etc.) when running bun for lockfile updates, matching npm/yarn behavior in dependabot-core. Avoids failures from packages that download binaries or run env-specific scripts (e.g. redis-memory-server postinstall failing with empty Content-Length). Lockfile content is unchanged; only script execution is disabled for security and reliability.

Looking to add after seeing failures related to redis-memory-server in a private project's dependabot runs.

Anything you want to highlight for special attention from reviewers?

No.

How will you know you've accomplished your goal?

If dependabot works on a bun project which depends on redis-memory-server.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@RyPeck RyPeck requested a review from a team as a code owner March 5, 2026 23:49

RyPeck commented Mar 11, 2026

👋 @kbukum1 you may be interested in this PR - you were the last one to touch this area as part of separating bun from npm_and_yarn.

@RyPeck RyPeck changed the title from "Add --ignore-scripts to bun install/update commands" to "bun: Add --ignore-scripts to bun install/update commands" Mar 12, 2026
Skip lifecycle scripts (postinstall, prepare, etc.) when running bun
for lockfile updates, matching npm/yarn behavior in dependabot-core.
Avoids failures from packages that download binaries or run env-specific
scripts (e.g. redis-memory-server postinstall failing with empty
Content-Length). Lockfile content is unchanged; only script execution
is disabled for security and reliability.

Looking to add after seeing failures related to `redis-memory-server`
in a private project's dependabot runs.
@thavaahariharangit
Contributor

Reviewing as per the customer request.

@thavaahariharangit thavaahariharangit merged commit 3747f40 into dependabot:main Apr 7, 2026
56 checks passed
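
An added example, not code from this pull request or from dependabot-core: a Node.js audit that lists the install-time lifecycle hooks (the `postinstall`, `prepare`, etc. named in the description) declared by a set of `package.json` files, which are the scripts `--ignore-scripts` applies to. The function names are hypothetical, and the manifests, paths and script commands are constructed samples.

```javascript
// Added example. Hook names are npm's install-time lifecycle scripts.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "preprepare", "prepare", "postprepare"];

// List every install-time hook that one parsed package.json declares.
function lifecycleScripts(manifest) {
  const scripts = manifest !== null && typeof manifest === "object" ? manifest.scripts : undefined;
  if (scripts === null || typeof scripts !== "object" || Array.isArray(scripts)) return [];
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== "")
    .map((hook) => ({ pkg: String(manifest.name || "(unnamed)"), hook, command: scripts[hook] }));
}

// Audit raw package.json texts keyed by path. Unparseable files are reported
// rather than skipped, so a broken manifest cannot hide a hook from review.
function auditManifests(files) {
  const findings = [];
  const unreadable = [];
  for (const [path, text] of Object.entries(files)) {
    try {
      for (const f of lifecycleScripts(JSON.parse(text))) findings.push({ path, ...f });
    } catch {
      unreadable.push(path);
    }
  }
  return { findings, unreadable, declaresInstallScripts: findings.length > 0 };
}

// Constructed sample input: paths, package contents and commands are illustrative only.
const SAMPLE = {
  "package.json": JSON.stringify({ name: "app", scripts: { test: "bun test", prepare: "echo prepare" } }),
  "node_modules/redis-memory-server/package.json": JSON.stringify({
    name: "redis-memory-server",
    scripts: { postinstall: "node ./placeholder-postinstall.js" }, // placeholder command
  }),
  "node_modules/example-pure-js/package.json": JSON.stringify({
    name: "example-pure-js",
    scripts: { test: "node test.js" }, // not an install-time hook, so not reported
  }),
  "node_modules/example-broken/package.json": "{ not json",
};

console.log(JSON.stringify(auditManifests(SAMPLE), null, 2));
```
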