I would like to understand how/why you decided to add a postinstall script in 5.3.4/5.3.5?
What is your expectation/hope to achieve with the message it prints when installing the package in the targeted region?
Under which conditions are you planning to remove the script?
What are you telling people that are required to not use packages with a postinstall script, which are now stuck on version 5.3.3?
I didn't find any discussion and only one issue on the matter.
As of now there were more reactions to the 5.3.5 release than to any other release so far, mostly positive, but also some 👀
(5.3.4 doesn't have a github release, but there is an npm package version which is the one that adds the postinstall script, without making the postinstall.js part of the package.)
Here is why I'm asking:
I received an automated PR for a patch release, but when I checked the diff it contained 500+ new files and a postinstall script. In the recent light of malicious package modifications, things like this are at least suspicious and could reduce the trust in the package and in what other things the maintainer(s?) could decide to add to that script.
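A check a reviewer of such an automated dependency PR could run, added here as an example and not part of the original post or the package: it compares two versions of a package.json, reports install-phase lifecycle hooks that were added, and flags hook commands referencing a local script file that is absent from the published tarball's file list (the situation described above for 5.3.4). The package name, versions, manifests and file list below are constructed samples, not the real package's.

```python
import json
import re

# npm lifecycle hooks that run automatically during `npm install`
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def install_hooks(manifest: dict) -> dict:
    """Return only the install-phase scripts declared in a package.json dict."""
    scripts = manifest.get("scripts") or {}
    return {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}

def added_hooks(old_manifest: dict, new_manifest: dict) -> dict:
    """Install-phase hooks present in the new version but absent from the old one."""
    old, new = install_hooks(old_manifest), install_hooks(new_manifest)
    return {h: cmd for h, cmd in new.items() if h not in old}

def missing_script_files(manifest: dict, tarball_files: set) -> list:
    """Local script files referenced by install hooks that are not in the published tarball."""
    missing = []
    for hook, cmd in install_hooks(manifest).items():
        # e.g. `node postinstall.js` or `sh ./scripts/setup.sh`
        for ref in re.findall(r"[\w./-]+\.(?:js|cjs|mjs|sh)", cmd):
            if ref.lstrip("./") not in tarball_files:
                missing.append((hook, ref))
    return missing

def review(old_manifest: dict, new_manifest: dict, tarball_files: set) -> list:
    """Findings a reviewer of a dependency bump would want to see before merging."""
    findings = []
    for hook, cmd in added_hooks(old_manifest, new_manifest).items():
        findings.append(f"new {hook} hook: {cmd}")
    for hook, ref in missing_script_files(new_manifest, tarball_files):
        findings.append(f"{hook} references {ref}, which is not in the published tarball")
    return findings

# Constructed samples: two manifest versions of a hypothetical package and the
# file list of the newer tarball (as `npm pack --dry-run` would list it).
OLD_MANIFEST = json.loads('{"name": "example-pkg", "version": "5.3.3", '
                         '"scripts": {"test": "node test.js"}}')
NEW_MANIFEST = json.loads('{"name": "example-pkg", "version": "5.3.4", '
                         '"scripts": {"test": "node test.js", "postinstall": "node postinstall.js"}}')
NEW_TARBALL_FILES = {"package.json", "README.md", "index.js"}

if __name__ == "__main__":
    for line in review(OLD_MANIFEST, NEW_MANIFEST, NEW_TARBALL_FILES):
        print(line)
```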