Allowlist/denylist policy for running dependency lifecycle scripts.
Mirrors pnpm’s createAllowBuildFunction — given an allowBuilds
map (Record<string, boolean>) and a dangerouslyAllowAllBuilds
flag, produce a function from (pkgName, version) to an allow /
deny / unspecified decision. Unspecified means “fall through to the
caller’s default,” which for aube is always “deny.”
Entry shapes

Keys in the allowBuilds map support three forms:

- "esbuild" — bare name, matches every version of the package
- "esbuild@0.19.0" — exact version match
- "esbuild@0.19.0 || 0.20.0" — exact version union
Semver ranges are intentionally not supported, matching pnpm’s
expandPackageVersionSpecs behavior: if you pin a version in the
allowlist you’re asserting a specific build has been audited, so
range matching would defeat the point.
Name patterns with * are not yet supported — pnpm’s @pnpm/config.matcher
handles them but they’re rare in practice and we can add them later
if users ask.
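The lookup rules above, as an added stand-alone example rather than aube's own BuildPolicy code. The names `make_allow_build` and `Decision` are hypothetical, and two details are assumptions: an exact-version entry wins over a bare-name entry for the same package, and dangerouslyAllowAllBuilds only fills in the decision when no entry matches, so an explicit deny still holds.

```rust
use std::collections::HashMap;

/// Decision for one (name, version) lookup; Unspecified falls through
/// to the caller's default (always "deny" for aube).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Decision {
    Allow,
    Deny,
    Unspecified,
}

/// Build the (pkgName, version) -> Decision function from an allowBuilds
/// map and the dangerously-allow-all flag. Keys are "name", "name@1.2.3"
/// or "name@1.2.3 || 1.2.4"; versions are compared exactly, never as ranges.
pub fn make_allow_build(
    allow_builds: &HashMap<String, bool>,
    dangerously_allow_all_builds: bool,
) -> impl Fn(&str, &str) -> Decision + '_ {
    move |pkg_name: &str, version: &str| {
        // Bare-name match is remembered; an exact-version match (assumed to
        // take precedence) returns immediately.
        let mut name_match: Option<bool> = None;
        for (key, &allowed) in allow_builds {
            // Scoped names start with '@', so split on the LAST '@' and
            // treat an empty left side ("@scope/pkg") as a bare name.
            match key.rsplit_once('@').filter(|(name, _)| !name.is_empty()) {
                None => {
                    if key == pkg_name {
                        name_match = Some(allowed);
                    }
                }
                Some((name, versions)) if name == pkg_name => {
                    // Version union: any exact member matches; "^1.0.0" never does.
                    if versions.split("||").any(|v| v.trim() == version) {
                        return if allowed { Decision::Allow } else { Decision::Deny };
                    }
                }
                _ => {}
            }
        }
        match name_match {
            Some(true) => Decision::Allow,
            Some(false) => Decision::Deny,
            // Assumption: the flag only decides packages no entry covers.
            None if dangerously_allow_all_builds => Decision::Allow,
            None => Decision::Unspecified,
        }
    }
}
```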
Structs

- BuildPolicy - Resolved policy for deciding whether a package may run its lifecycle scripts.

Enums

- AllowDecision - The decision for a single (name, version) lookup.
- BuildPolicyError