Skip to content

Commit 481a640

Browse files
amitsi-bsclaude
andcommitted
LTS-3294: complete .npmrc hardening + pin SDK to the Playwright pod version
- .npmrc: add ignore-scripts=true + engine-strict=true -> all 6 SC-12282 directives now present (access=restricted is N/A for a public sample). - package.json: pin browserstack-node-sdk to 1.60.1 -- the version the Playwright BLU runner enforces in prod (docker-selenium/Playwright/download-test.js SDK_VERSION on lts-main) -- and drop the postinstall `npm update browserstack-node-sdk` that was the only reason install-scripts were needed (this unblocks ignore-scripts). Add engines.node ">=18" (satisfied by the runner pods and required by Playwright + the SDK) so engine-strict has a safe floor that only rejects EOL Node. - package-lock.json: regenerated for 1.60.1, kept lockfileVersion 2. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 11f1fb4 commit 481a640

3 files changed

Lines changed: 2320 additions & 1343 deletions

File tree

.npmrc

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4,16 +4,20 @@
44
# access=restricted is intentionally OMITTED — this is a public, customer-facing
55
# sample repository, not a published private package.
66
#
7-
# ignore-scripts=true is intentionally DEFERRED. This repo ships its own
8-
# postinstall (`npm update browserstack-node-sdk`) so the sample always runs the
9-
# latest SDK; enabling ignore-scripts would silently disable it. Re-enable once
10-
# the sample pins the SDK and drops the postinstall.
7+
# ignore-scripts=true is now safe: browserstack-node-sdk is pinned directly in
8+
# package.json to 1.60.1 — the version the Playwright BLU runner enforces in prod
9+
# (docker-selenium/Playwright/download-test.js SDK_VERSION on lts-main) — so the old
10+
# `postinstall: npm update browserstack-node-sdk` (the only install-script this
11+
# sample needed) has been removed.
1112
#
12-
# engine-strict=true is intentionally DEFERRED. Customers clone and run this
13-
# sample on a wide range of Node versions; hard EBADENGINE enforcement on
14-
# transitive deps would break `npm install` for them. Kept as a warning.
13+
# engine-strict=true enforces the package.json `engines.node` floor (>=18), which
14+
# matches the Node version in our runner pod and what Playwright + the SDK already
15+
# require. Customers on EOL Node (<18) get a clear upgrade message instead of an
16+
# obscure runtime failure.
1517

1618
strict-ssl=true
1719
save-exact=true
1820
audit-level=high
1921
legacy-peer-deps=false
22+
ignore-scripts=true
23+
engine-strict=true

0 commit comments

Comments
 (0)