diff --git a/lib/workers/branch/index.js b/lib/workers/branch/index.js
index e43d066be3c94b33ebda25d78c1fc96a38e7b2b2..69ccc387023301d8f25a43c610e47d0f779c0354 100644
--- a/lib/workers/branch/index.js
+++ b/lib/workers/branch/index.js
@@ -68,7 +68,6 @@ async function ensureBranch(config) {
 
   const commitMessage = handlebars.compile(config.commitMessage)(config);
   const api = config.api;
-  const versions = config.versions;
   const cacheFolder = config.yarnCacheFolder;
   const packageFiles = {};
   const commitFiles = [];
@@ -144,7 +143,7 @@ async function ensureBranch(config) {
           packageFiles[packageFile],
           api,
           config.versions.npm,
-          versions.npm
+          logger
         );
         if (packageLockFile) {
           // Add new package-lock.json file too
diff --git a/lib/workers/branch/npm.js b/lib/workers/branch/npm.js
index 9ad32f1a5f20bc537e8078dcdcfe356a20bdd38d..b990c15e7e1e20d754f2a71587c0a0ae3f2091b3 100644
--- a/lib/workers/branch/npm.js
+++ b/lib/workers/branch/npm.js
@@ -1,9 +1,10 @@
-const logger = require('../../logger');
 const fs = require('fs');
 const cp = require('child_process');
 const tmp = require('tmp');
 const path = require('path');
 
+let logger = require('../../logger');
+
 module.exports = {
   generateLockFile,
   getLockFile,
@@ -20,12 +21,14 @@ async function generateLockFile(newPackageJson, npmrcContent) {
       fs.writeFileSync(path.join(tmpDir.name, '.npmrc'), npmrcContent);
     }
     logger.debug('Spawning npm install');
-    const result = cp.spawnSync('npm', ['install'], {
+    const result = cp.spawnSync('npm', ['install', '--ignore-scripts'], {
       cwd: tmpDir.name,
       shell: true,
     });
-    logger.debug(String(result.stdout));
-    logger.debug(String(result.stderr));
+    logger.debug(
+      { stdout: String(result.stdout), stderr: String(result.stderr) },
+      'npm install complete'
+    );
     packageLock = fs.readFileSync(path.join(tmpDir.name, 'package-lock.json'));
   } catch (error) /* istanbul ignore next */ {
     try {
@@ -43,7 +46,14 @@ async function generateLockFile(newPackageJson, npmrcContent) {
   return packageLock;
 }
 
-async function getLockFile(packageFile, packageContent, api, npmVersion) {
+async function getLockFile(
+  packageFile,
+  packageContent,
+  api,
+  npmVersion,
+  parentLogger
+) {
+  logger = parentLogger || logger;
   // Detect if a package-lock.json file is in use
   const packageLockFileName = path.join(
     path.dirname(packageFile),
@@ -78,6 +88,7 @@ async function getLockFile(packageFile, packageContent, api, npmVersion) {
 }
 
 async function maintainLockFile(inputConfig) {
+  logger = inputConfig.logger || logger;
   logger.trace({ config: inputConfig }, `maintainLockFile`);
   const packageContent = await inputConfig.api.getFileContent(
     inputConfig.packageFile