Define allowScripts in package.json#323069
Conversation
Modern versions of npm (12) require you to define allowScripts to run dependencies’ install scripts. In npm 11 this can already be enabled, and is recommended. VSCode relies on install scripts, so `allowScripts` must be defined to work with modern setups of npm. The changes to `package-lock.json` are autogenerated. They appear unrelated. Possibly this removes remnants from an inproperly resolved merge conflict.
There was a problem hiding this comment.
Pull request overview
Adds an npm allowScripts allowlist to the root package.json so dependency install scripts can run under newer npm versions that require explicit opt-in, and includes incidental package-lock.json cleanups.
Changes:
- Define
allowScriptsin the rootpackage.jsonfor dependencies that require install scripts. - Remove a stray
ssh2/node_modules/cpu-featuresoptional stub entry from both lockfiles (package-lock.jsonandremote/package-lock.json).
Reviewed changes
Copilot reviewed 1 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Adds allowScripts allowlist for dependencies with install scripts. |
| package-lock.json | Removes a stray optional stub entry under ssh2’s nested cpu-features. |
| remote/package-lock.json | Same lockfile cleanup as the root lockfile for the remote/ package. |
Files not reviewed (1)
- remote/package-lock.json: Generated file
| "allowScripts": { | ||
| "@parcel/watcher": true, | ||
| "@playwright/browser-chromium": true, | ||
| "@vscode/deviceid": true, | ||
| "@vscode/native-watchdog": true, |
|
Hi @remcohaszing, the current Node version used for the repo is We currently don't recommend using other combinations. These versions get updated over time but are highly coupled with other factors such as the Electron version. |
|
The wiki states Node.js >=22 as a prerequisite (https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites). This is incorrect, as the development workflow indeed does not fully work with Node.js 26. Everything else works fine with Node.js 24.18 though, which ships with npm 11.16.0. This npm version does have the |
Modern versions of npm (12) require you to define allowScripts to run dependencies’ install scripts. In npm 11 this can already be enabled, and is recommended.
VSCode relies on install scripts, so
allowScriptsmust be defined to work with modern setups of npm.The changes to
package-lock.jsonare autogenerated. They appear unrelated. Possibly this removes remnants from an inproperly resolved merge conflict.