:::info NPM install scripts are disabled by default
The repository's NPM runtime configuration file (.npmrc) sets ignore-scripts=true. This means that preinstall/install/postinstall lifecycle scripts do not run during npm ci. This neutralizes a dominant NPM supply-chain attack pattern at the cost of skipping a few legitimate native-binary unpacks.
If the watch build fails because a package needs its install script (commonly esbuild, chromedriver, tree-sitter, or tree-sitter-json), rebuild only that package, for example:
npm rebuild --foreground-scripts esbuild chromedriver tree-sitter tree-sitter-jsonDo not edit .npmrc to flip ignore-scripts off — that re-introduces the risk repository-wide.
:::