fix: make repo.dependencies launch-gate check read-only #62
…-dry-run Co-authored-by: clduab11 <185000089+clduab11@users.noreply.github.com>
Co-authored-by: clduab11 <185000089+clduab11@users.noreply.github.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 95e879ff21
| 'repo.dependencies', | ||
| 'npm', | ||
| ['install', '--package-lock-only', '--ignore-scripts'], | ||
| ['ci', '--dry-run'], |
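Review bot: The ['ci', '--dry-run'] argument list no longer carries the --ignore-scripts flag that the ['install', '--package-lock-only', '--ignore-scripts'] line passed. Suggest ['ci', '--dry-run', '--ignore-scripts'] so the read-only guarantee of the repo.dependencies check does not rest on how --dry-run treats lifecycle scripts, and add a test asserting the working tree is unchanged after the check runs.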
Add --ignore-scripts to keep launch gate read-only
Switching repo.dependencies to npm ci --dry-run removed the previous --ignore-scripts guard, so lifecycle scripts can run during the launch gate. npm ci --help shows --ignore-scripts as an opt-in flag, and in practice npm ci --dry-run still executes preinstall scripts; that means repositories with install hooks can mutate files or trigger external side effects even in strict mode, which breaks the intended read-only/safe gate behavior.
305835f into codex/refactor-to-global-cli-and-daemon
The repo.dependencies launch-gate check was running npm install --package-lock-only --ignore-scripts, which mutates package-lock.json. A launch gate must be read-only.
npm ci --dry-run, which validates package-lock.json/package.json consistency without writing any files
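One way to test the read-only property that the PR description and the review comment are about, as an added example that is not code from this repository: hash the working tree before and after a check and report every file the check touched. `snapshot`, `mutationsFrom`, `npmCheck` and the two stand-in checks are hypothetical names, and the fixture repo is constructed.

```javascript
// Added example, not project code: detect whether a gate check mutates the repo.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const crypto = require('node:crypto');
const { spawnSync } = require('node:child_process');

// Map each regular file under root to its SHA-256 (symlinks are not followed).
function snapshot(root, dir = root, out = new Map()) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) snapshot(root, full, out);
    else if (entry.isFile()) {
      const digest = crypto.createHash('sha256').update(fs.readFileSync(full)).digest('hex');
      out.set(path.relative(root, full), digest);
    }
  }
  return out;
}

// Run check(root) and list every path it created, modified or deleted.
function mutationsFrom(root, check) {
  const before = snapshot(root);
  check(root);
  const after = snapshot(root);
  const changes = [];
  for (const [file, digest] of after) {
    if (!before.has(file)) changes.push(`created ${file}`);
    else if (before.get(file) !== digest) changes.push(`modified ${file}`);
  }
  for (const file of before.keys()) {
    if (!after.has(file)) changes.push(`deleted ${file}`);
  }
  return changes.sort();
}

// Wrap an npm invocation as a check, e.g. npmCheck(['ci', '--dry-run', '--ignore-scripts']).
const npmCheck = (args) => (root) => spawnSync('npm', args, { cwd: root, stdio: 'ignore' });

// Constructed fixture: a throwaway repo holding only a package.json.
function makeFixture() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'gate-fixture-'));
  fs.writeFileSync(path.join(root, 'package.json'), '{"name":"fixture","version":"1.0.0"}\n');
  return root;
}

// Hypothetical stand-ins so the harness runs without npm installed.
const readOnlyCheck = (root) => JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8'));
const lockWritingCheck = (root) => fs.writeFileSync(path.join(root, 'package-lock.json'), '{}\n');
```

File hashing only catches writes inside the tree; network calls or writes outside the repository made by a lifecycle script need sandboxing or process monitoring to detect.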