Several npm commands (except npm ci) will consume package.json
So typically npm install (unless with --ignore-scripts or .npmrc with ignore-scripts=true) will run preinstall, install, postinstall, preprepare, prepare, postprepare
The following npm commands will explicitely execute scripts, despite it being disabled, some are less obvious that could be hooked:
npm diff (prepare)
npm version (preversion, version, postversion)
npm run ...
npm start (defaults to node server.js)
npm stop
npm restart
npm test
npm run-script
.npmrc can be in the CWD and can override standard NPM registry like
Several npm commands (except npm ci) will consume package.json
So typically npm install (unless with --ignore-scripts or .npmrc with ignore-scripts=true) will run preinstall, install, postinstall, preprepare, prepare, postprepare
Those are effectively documented in the "Life Cycle Operation Order" https://docs.npmjs.com/cli/v10/using-npm/scripts#life-cycle-operation-order
The following npm commands will explicitely execute scripts, despite it being disabled, some are less obvious that could be hooked:
npm diff (prepare) npm version (preversion, version, postversion) npm run ... npm start (defaults to node server.js) npm stop npm restart npm test npm run-script .npmrc can be in the CWD and can override standard NPM registry like
registry=https://registry.notnpmjs.org