From b3f57c236a4af3c4e68c7eb555f339551a4e0225 Mon Sep 17 00:00:00 2001
From: Deepak Jacob <deepakjacob@meta.com>
Date: Thu, 1 Dec 2022 03:15:05 -0800
Subject: [PATCH] Remove preinstall npm token validation in favour of
 --ignore-scripts (#902)

Summary:
**Issue:**
Last two release of metro is not published to npm `v0.73.5` and `v0.73.4`, npm still have [v0.73.3](https://www.npmjs.com/package/metro).

**Reason:**
In circle CI the job `publish-to-npm` is failing because of a preinstall [validation](https://github.com/facebook/metro/blob/5f9ba404ca5510386c509cb649295810cfd87f5f/scripts/preinstall.js#L14) which checks for presence of `NPM_TOKEN` while running `yarn install`.

**Fix:**
Run yarn with `--ignore-scripts` to not run any arbitrary scripts.

Pull Request resolved: https://github.com/facebook/metro/pull/902

Test Plan:
To be tested in circle-ci

ssh into circle-ci and ran `NPM_TOKEN= yarn --frozen-lockfile --non-interactive` and can see yarn install working as expected.

**Before:**
```
circleci@host:~/project$ yarn --frozen-lockfile --non-interactive
yarn install v1.22.18
$ node ./scripts/preinstall.js
yarn has been executed with a NPM_TOKEN environment variable set.
This poses a risk since that token can be leaked to external libraries.
Please make sure that any token gets deleted before running yarn.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
```

**After:**
```
circleci@host:~/project$ NPM_TOKEN= yarn --frozen-lockfile --non-interactive
yarn install v1.22.18
$ node ./scripts/preinstall.js
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning " > eslint-plugin-ft-flow@2.0.1" has unmet peer dependency "babel/eslint-parser@^7.12.0".
warning "eslint-plugin-jest > typescript-eslint/utils > typescript-eslint/typescript-estree > tsutils@3.21.0" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".
[4/4] Building fresh packages...
$ node ./scripts/build.js
Building packages (using Babel v7.14.0)
buck-worker-tool...............................................................[  OK  ]
metro..........................................................................[  OK  ]
metro-babel-register...........................................................[  OK  ]
metro-babel-transformer........................................................[  OK  ]
metro-cache....................................................................[  OK  ]
metro-cache-key................................................................[  OK  ]
metro-config...................................................................[  OK  ]
metro-core.....................................................................[  OK  ]
metro-file-map.................................................................[  OK  ]
metro-hermes-compiler..........................................................[BABEL] Note: The code generator has deoptimised the styling of /home/circleci/project/packages/metro-hermes-compiler/src/emhermesc.js as it exceeds the max of 500KB.
[  OK  ]
metro-inspector-proxy..........................................................[  OK  ]
metro-memory-fs................................................................[  OK  ]
metro-minify-terser............................................................[  OK  ]
metro-minify-uglify............................................................[  OK  ]
metro-react-native-babel-preset................................................[  OK  ]
metro-react-native-babel-transformer...........................................[  OK  ]
metro-react-native-interop-tools...............................................[  OK  ]
metro-resolver.................................................................[  OK  ]
metro-runtime..................................................................[  OK  ]
metro-source-map...............................................................[  OK  ]
metro-symbolicate..............................................................[  OK  ]
metro-transform-plugins........................................................[  OK  ]
metro-transform-worker.........................................................[  OK  ]
ob1............................................................................[  OK  ]

Done in 23.03s.
```

Reviewed By: huntie

Differential Revision: D41647631

Pulled By: jacdebug

fbshipit-source-id: 0417d1bae0f9d7b7f953013bcaf26fba4084fc33
---
 .circleci/config.yml | 2 +-
 package.json         | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 3d1a8b8959..25c06d87bc 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -33,7 +33,7 @@ commands:
             - dependencies-{{ .Branch }}-
       - run:
           name: Installing dependencies
-          command: yarn --frozen-lockfile --non-interactive
+          command: yarn --frozen-lockfile --non-interactive --ignore-scripts
           working_directory: << parameters.working_directory >>
       - save_cache:
           paths:
diff --git a/package.json b/package.json
index 1b55cce060..cdb27a04b3 100644
--- a/package.json
+++ b/package.json
@@ -48,7 +48,6 @@
     "lint": "eslint . --cache",
     "postinstall": "node ./scripts/build.js",
     "postpublish": "lerna run cleanup-release",
-    "preinstall": "node ./scripts/preinstall.js",
     "publish": "yarn run build-clean && yarn run build && lerna run prepare-release && lerna exec -- npm publish",
     "start": "node packages/metro/src/cli",
     "test-coverage": "yarn run build && yarn run jest --coverage -i && node scripts/mapCoverage.js",