Frontend: Update npm install targets in Makefile and package.json

Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2025-09-18 09:51:11 +02:00
parent fb27969e30
commit e221a8ee73
2 changed files with 8 additions and 8 deletions


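--- a/Makefile
+++ b/Makefile
@@ -36,22 +36,22 @@ notice:
 license-report --only=prod --config=.report.json > NOTICE
 install-npm:
 # Keep scripts enabled for npm itself; split other globals and disable scripts for safety
-sudo npm install --unsafe-perm=true --allow-root -g npm@latest
-sudo npm install --unsafe-perm=true --allow-root -g --ignore-scripts npm-check-updates@latest license-report@latest
+sudo npm install -g npm@latest
+sudo npm install -g --ignore-scripts --no-fund --no-audit --no-update-notifier npm-check-updates@latest license-report@latest
 install-testcafe:
-npm install -g --ignore-scripts testcafe@latest
+npm install -g --ignore-scripts --no-fund --no-audit --no-update-notifier testcafe@latest
 install-eslint:
-npm install -g --ignore-scripts eslint globals @eslint/eslintrc @eslint/js eslint-config-prettier eslint-formatter-pretty eslint-plugin-html eslint-plugin-import eslint-plugin-node eslint-plugin-prettier eslint-plugin-promise eslint-plugin-vue eslint-webpack-plugin vue-eslint-parser prettier
+npm install -g --ignore-scripts --no-fund --no-audit --no-update-notifier eslint globals @eslint/eslintrc @eslint/js eslint-config-prettier eslint-formatter-pretty eslint-plugin-html eslint-plugin-import eslint-plugin-node eslint-plugin-prettier eslint-plugin-promise eslint-plugin-vue eslint-webpack-plugin vue-eslint-parser prettier
 upgrade:
 $(info Securely upgrading NPM dependencies...)
-$(DOCKER_NPM) 'npx -y npm@latest update --save --ignore-scripts --no-update-notifier && npx -y npm@latest install --ignore-scripts --no-audit --no-fund --no-update-notifier'
+$(DOCKER_NPM) 'npx -y npm@latest update --save --package-lock --ignore-scripts --no-fund --no-audit --no-update-notifier && npx -y npm@latest install --ignore-scripts --no-audit --no-fund --no-update-notifier'
 npm-install:
 $(info Installing NPM dependencies...)
-npm install --ignore-scripts --no-update-notifier --no-audit --no-audit --no-fund
+npm install --ignore-scripts --no-fund --no-audit --no-update-notifier
 install: npm-install
 npm-update:
 $(info Updating NPM dependencies in package.lock and package-lock.json...)
-npm update --save --package-lock --ignore-scripts --no-update-notifier --no-audit --no-fund
+npm update --save --package-lock --ignore-scripts --no-fund --no-audit --no-update-notifier
 update: npm-update npm-install
 security-check: # Scan for missing --ignore-scripts and unsafe v-html
 npm run -s security:scan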
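Review bot: The global tooling in `install-npm`, `install-testcafe` and `install-eslint` is still installed from floating `@latest` tags (npm itself as root via sudo with lifecycle scripts enabled, and `upgrade` bootstraps through `npx -y npm@latest`), so every run resolves whatever the registry currently publishes with no pin to a vetted release; the commit tightens flags but not versions. A cheap, backward-compatible improvement is to route the version through an overridable variable, e.g. `NPM_VERSION ?= latest` near the top of the file and `sudo npm install -g npm@$(NPM_VERSION)`, so CI can pin while the default behaviour stays the same. Note also that `--no-audit` is now passed in `npm-install` and `npm-update`, which suppresses advisory output on every dependency install; if no separate audit step exists outside this hunk, consider adding a phony `audit` target so that signal is not lost. The `notice` target whose recipe line opens this hunk begins before line 14.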


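--- a/package.json
+++ b/package.json
@@ -23,7 +23,7 @@
 "test-component": "cross-env TZ=UTC BUILD_ENV=development NODE_ENV=development BABEL_ENV=test vitest run tests/vitest/component",
 "testcafe": "testcafe",
 "trace": "webpack --stats-children",
-"update": "npm update --save --package-lock --ignore-scripts && npm install --ignore-scripts --no-update-notifier --no-audit",
+"update": "npm update --save --package-lock --ignore-scripts --no-fund && npm install --ignore-scripts --no-fund --no-audit --no-update-notifier",
 "security:scan": "npm run -s security:scan-installs && npm run -s security:scan-xss",
 "security:scan-installs": "sh -lc 'set -e; MATCHES=\"$(rg -n --hidden --glob !**/.git/** -S \"npm (ci|install|update)\" ./Makefile ./package.json 2>/dev/null || true)\"; if [ -z \"$MATCHES\" ]; then echo \"No npm install/update/ci commands found in frontend/\"; exit 0; fi; VIOLATIONS=\"$(printf %s \"$MATCHES\" | rg -v -e \"ignore-scripts\" -e \"install .* -g npm\" -e \"update .* -g npm\" -e \":[0-9]+:\\s*#\" -e \"install-npm\" || true)\"; if [ -n \"$VIOLATIONS\" ]; then echo \"ERROR: npm install/update/ci without --ignore-scripts (exceptions excluded)\"; printf %s\\n \"$VIOLATIONS\"; exit 1; fi; echo \"OK: All frontend installs/updates use --ignore-scripts or are allowed exceptions.\"'",
 "security:scan-xss": "sh -lc 'set -e; if rg -n --glob \"src/**\" -S \"v-html=\\\"\" src >/dev/null; then echo \"ERROR: v-html usage detected; prefer v-sanitize or $util.sanitizeHtml()\"; rg -n --glob \"src/**\" -S \"v-html=\\\"\" src; exit 1; else echo \"OK: No v-html usage detected.\"; fi'",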