My big question as an OSS dev distributing some precompiled binaries via npm for easy installation: does allowScripts also default to disabled when directly installing a package (globally or otherwise)?
Yes, all install scripts will be disabled by default regardless of whether they are from direct or transitive dependencies.
But if you're already following the os + cpu + optionalDependencies model to distribute your precompiled binaries you should be fine.
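The os + cpu + optionalDependencies model mentioned in the reply above, sketched as an added example that is not part of the original thread or of npm's own code. The `@example/tool` package names, the `bin/` layout and the injected `resolve` function are assumptions made for illustration.

```javascript
// Hypothetical targets for a hypothetical package "@example/tool".
const TARGETS = [
  { os: "linux", cpu: "x64" },
  { os: "linux", cpu: "arm64" },
  { os: "darwin", cpu: "arm64" },
  { os: "win32", cpu: "x64" },
];

// One small package per target. It carries only the binary and declares
// os/cpu, so npm skips it on non-matching hosts without running any script.
function platformManifest({ os, cpu }, version) {
  return { name: `@example/tool-${os}-${cpu}`, version, os: [os], cpu: [cpu] };
}

// The main package lists every platform package as optional, pinned to its
// own version, and defines no install-time lifecycle scripts.
function mainManifest(version) {
  const optionalDependencies = {};
  for (const t of TARGETS) {
    optionalDependencies[platformManifest(t, version).name] = version;
  }
  return { name: "@example/tool", version, bin: { tool: "bin/launcher.js" }, optionalDependencies };
}

// Launcher side: find the binary for this host at run time. In a real
// launcher `resolve` would be require.resolve; it is injected here.
function locateBinary(platform, arch, resolve) {
  const target = TARGETS.find((t) => t.os === platform && t.cpu === arch);
  if (!target) throw new Error(`no prebuilt binary for ${platform}-${arch}`);
  const name = platformManifest(target, "0.0.0").name;
  const exe = platform === "win32" ? "tool.exe" : "tool";
  try {
    return resolve(`${name}/bin/${exe}`);
  } catch {
    throw new Error(`${name} is not installed (was npm run with --omit=optional?)`);
  }
}

// CI guard: list the hooks that would need install scripts to be allowed.
function installScripts(manifest) {
  const hooks = ["preinstall", "install", "postinstall"];
  return hooks.filter((h) => manifest.scripts && h in manifest.scripts);
}
```
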