My npm public package is not in runkit

Why my public npm package autocosts is not in RunKit, if it has an API which you can use programmatically? I already reported several times, but nothing

Hi there,

It looks like in version 6.x.x your package added a postinstall script. We’re actively working on a way to safely install packages with install scripts, but for the moment they’re not supported on RunKit.

- Randy

why don’t you install the packages with option --ignore-scripts ?
For me that would be fully sufficient? I use the post install script just to run a http server, but I don’t need it for my API

Although installing with --ignore-scripts would work in your particular case, it would not work in the general case and lead to more confusion from having a broken installation of a package that expected their post-install script to have run.

I will also comment that using the post-install script to indiscriminately start a server that can be port-scanned is a… unique choice. I see that you tell people to use --ignore-scripts in the documentation, but what if autocosts is a dependency of another package I happen to be installing? Unless your post-install script is somehow figuring this out automatically (which from my cursory look at the implementation it does not seem to do, but I may be wrong), it means that me installing a completely unrelated package will result in a server being silently started in the background, and run until I reboot the computer. Also, this obfuscates how to start the server the next time you want to use it (after for example rebooting your computer). Is the expectation that you should install it every time you want to use it? Why not instead just have it be a CLI command that you can run to start and stop the service as opposed to piggy-backing off of an install step? Or alternatively making it an npx script?

1 Like

@tolmasky good point, thanks for the tips

I did it to ease the installation process to third party users, since the project started merely as http server to provide a html/js calculator, i.e., the original purpose was not be an API, that came later.

Indeed no, the http server and the API are totally different things and actually I didn’t know how to combine them.

I will amend according to your suggestion, thanks, but again I will demand users who just want to simply run a local server, to execute a further command.

as said, to just ease the installation process, right now with one simple command the user has an http local server working and readily accessible at http://localhost