Allow --no-install to be set in a config file

zkat / npx

execute npm package binaries (moved)

https://github.com/npm/npx

Other

2.63k stars 105 forks source link

Allow --no-install to be set in a config file #198

Open libinvarghese opened 6 years ago

libinvarghese commented 6 years ago

This is clone of https://github.com/npm/npm/issues/19673 and seems relevant here.

Running npx [command] will auto-install and auto-run a module if not installed. This is a handy feature. However there are few scenarios where --no-install is helpful.

If the project depends on a certain devDependency version, and would not work on the latest - this could break the build.
Some projects follow the process of keeping all devDependencies locally.

To avoid using --no-install in every npx command, could no-install be set in a config file like npxrc or in package.json as below:

{
  "npx": { "noInstall": true },
}

legodude17 commented 6 years ago

Ref #105.

michaelsbradleyjr commented 6 years ago

I would think --no-install should be the default behavior (principle of least surprise; see: https://github.com/npm/npm/issues/19673#issue-290707657). And in that case, if the command is not found, npx's console output should give a hint about the possibility of using an --install flag, i.e. instead of only reporting not found: <cmd>.

justrhysism commented 6 years ago

should be the default behavior

I agree with this sentiment.

However I think there should also be a config available for npx. Should we raise a separate issue for that? #105 requests that, but people keep focusing on the --no-install option specifically.

jwalton commented 5 years ago

Note that npm-run is an alternative to npx, which doesn't have this problem. This is a security issue that's been open for over a year - seems unlikely it will be fixed soon - so moving to a package that behaves in a safe and sane way would seem prudent.