Lifecycle script runner for aube.
Security model:
- Scripts from the root package (the project's own
package.json) run by default. They're written by the user, so they're trusted the same way a user trustsaube run <script>. - Scripts from installed dependencies (e.g.
node-gyppostinstall from a native module) are SKIPPED by default. A package runs its lifecycle scripts only if the active [BuildPolicy] allows it — configured viapnpm.allowBuildsinpackage.json,allowBuildsinpnpm-workspace.yaml, or the escape-hatch--dangerously-allow-all-buildsflag. --ignore-scriptsforces everything off, matching pnpm/npm.