Revert "feat: build codegen on postinstall (#46227)" #46420
Closed
This reverts commit 0cb97f0.
Summary:
Revert this commit that adds a post install script for a couple of reasons:

- `postinstall` script causes `yarn install` to fail on React Native macOS, where we use Yarn 4. I'm not entirely sure why, but I probably won't debug it for the rest of the reasons.
- `postinstall` scripts (at least inside Microsoft) are viewed as a security risk. Any package in your dependency tree can get compromised, add the phase, and run arbitrary code. This has happened in the past with React Native if I recall correctly. As such, we disable `postinstall` scripts in many of our repos (including `rnx-kit` and `react-native-test-app`).
- `yarn install`. I think it would be sufficient to add some documentation somewhere that it is expected one runs `yarn && yarn build` to use this repo locally? That's a fairly common practice in monorepos, at least ones inside Microsoft.

Changelog:
[INTERNAL] [SECURITY] - Remove post install script phase in the React Native monorepo
Test Plan:
CI should pass
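
As an added example (not code from this pull request or from the React Native project), the Node.js script below audits an installed tree for the risk described in the summary by listing every dependency that declares a `preinstall`, `install` or `postinstall` script. The function names, package names and commands in the sample tree are constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Lifecycle hooks that package managers run during an install.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Walk a node_modules tree (scoped and nested packages included) and list every
// package declaring an install-time script. Symlinked entries are skipped.
function findInstallScripts(nodeModulesDir, found = []) {
  if (!fs.existsSync(nodeModulesDir)) return found;
  for (const entry of fs.readdirSync(nodeModulesDir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const dir = path.join(nodeModulesDir, entry.name);
    // Scope directory (@scope/...): its packages sit one level down.
    if (entry.name.startsWith('@')) { findInstallScripts(dir, found); continue; }
    let manifest = {};
    try {
      manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')) || {};
    } catch { /* missing or unparsable manifest: nothing to report */ }
    const scripts = manifest.scripts || {};
    for (const hook of INSTALL_HOOKS) {
      if (typeof scripts[hook] === 'string') {
        found.push({ name: manifest.name || entry.name, hook, command: scripts[hook] });
      }
    }
    findInstallScripts(path.join(dir, 'node_modules'), found); // nested dependencies
  }
  return found;
}

// Constructed sample tree (all package names and commands are made up).
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'hooks-audit-'));
  const add = (rel, manifest) => {
    const dir = path.join(root, 'node_modules', rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(manifest));
  };
  add('plain-example', { name: 'plain-example', scripts: { test: 'jest' } });
  add('@scope/native-example', { name: '@scope/native-example', scripts: { postinstall: 'node setup.js' } });
  add('outer-example', { name: 'outer-example' });
  add('outer-example/node_modules/inner-example', { name: 'inner-example', scripts: { preinstall: 'sh prep.sh' } });
  return path.join(root, 'node_modules');
}

for (const hit of findInstallScripts(buildSampleTree())) {
  console.log(`${hit.name}: ${hit.hook} -> ${hit.command}`);
}
```

Pointing `findInstallScripts` at a real project's `node_modules` directory gives the list of packages whose hooks would be skipped once install scripts are disabled, which is the set to review before relying on an explicit build step instead.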