From a80173d898f06b66985fc017d7a534466d4ee7eb Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Wed, 15 Aug 2018 17:27:40 +0200
Subject: [PATCH] fix(npm): ignore scripts on full install

---
 lib/manager/npm/post-update/lerna.js | 2 +-
 lib/manager/npm/post-update/npm.js   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/manager/npm/post-update/lerna.js b/lib/manager/npm/post-update/lerna.js
index 04a17b616a..27e4e3fe94 100644
--- a/lib/manager/npm/post-update/lerna.js
+++ b/lib/manager/npm/post-update/lerna.js
@@ -31,7 +31,7 @@ async function generateLockFiles(lernaClient, tmpDir, env, skipInstalls) {
       if (skipInstalls) {
         params = '--package-lock-only --no-audit';
       } else {
-        params = '--no-audit';
+        params = '--ignore-scripts  --no-audit';
       }
     } else {
       params =
diff --git a/lib/manager/npm/post-update/npm.js b/lib/manager/npm/post-update/npm.js
index 6a90bd0c7f..7c348a7a74 100644
--- a/lib/manager/npm/post-update/npm.js
+++ b/lib/manager/npm/post-update/npm.js
@@ -56,7 +56,7 @@ async function generateLockFile(tmpDir, env, filename, skipInstalls) {
     if (skipInstalls) {
       cmd += ' --package-lock-only --no-audit';
     } else {
-      cmd += ' --no-audit';
+      cmd += ' --ignore-scripts --no-audit';
     }
     logger.debug(`Using npm: ${cmd}`);
     // TODO: Switch to native util.promisify once using only node 8
-- 
GitLab