feat(install): walk tree and emit advisory warning for unreviewed install scripts

The Phase 1 advisory warning. No scripts are blocked. After arb.reify()
completes, reify-finish walks the actual tree for dependencies whose
install-relevant lifecycle scripts are not yet covered by the
allowScripts policy. The result is appended to the install output as
one grouped block, not one log line per package.

  - workspaces/arborist/lib/install-scripts.js: per-node helper that
    returns the install-relevant lifecycle scripts. Covers preinstall,
    install, postinstall, prepare (non-registry sources only), and the
    synthetic 'node-gyp rebuild' detected by isNodeGypPackage from
    @npmcli/node-gyp. The runtime fs check is needed because the
    lockfile's hasInstallScript field misses packages whose only
    install-time work is binding.gyp.
  - lib/utils/check-allow-scripts.js: walks arb.actualTree.inventory
    and filters to unreviewed nodes. Honours --ignore-scripts and
    --dangerously-allow-all-scripts as full opt-outs. Treats explicit
    deny entries as reviewed (no warning).
  - lib/utils/reify-finish.js: runs the walker and passes results to
    reify-output as an extras payload.
  - lib/utils/reify-output.js: prints the grouped summary after the
    funding and audit messages. JSON output puts the same data on
    summary.unreviewedScripts.

Refs: npm/rfcs#868

Author: JamieMagee

lib/utils/check-allow-scripts.js

@@ -0,0 +1,52 @@
+const isScriptAllowed = require('@npmcli/arborist/lib/script-allowed.js')
+const getInstallScripts = require('@npmcli/arborist/lib/install-scripts.js')
+
+// Walks arb.actualTree.inventory and returns the list of dep nodes that
+// have install-relevant lifecycle scripts and are not yet covered (or
+// explicitly denied) by the allowScripts policy.
+//
+// Returns an array of `{ node, scripts }` entries. `scripts` is an object
+// describing the relevant lifecycle scripts that would run.
+
+const checkAllowScripts = async ({ arb, npm }) => {
+  const ignoreScripts = !!arb.options?.ignoreScripts
+  const dangerouslyAllowAll = !!npm?.flatOptions?.dangerouslyAllowAllScripts
+
+  if (ignoreScripts || dangerouslyAllowAll) {
+    return []
+  }
+
+  const tree = arb.actualTree
+  if (!tree?.inventory) {
+    return []
+  }
+
+  const policy = arb.options?.allowScripts || null
+
+  const unreviewed = []
+  for (const node of tree.inventory.values()) {
+    if (node.isProjectRoot || node.isWorkspace) {
+      continue
+    }
+    if (node.isLink) {
+      // Linked workspace dependencies are managed by the workspace owner.
+      continue
+    }
+
+    const verdict = isScriptAllowed(node, policy)
+    if (verdict === true || verdict === false) {
+      continue
+    }
+
+    const scripts = await getInstallScripts(node)
+    if (Object.keys(scripts).length === 0) {
+      continue
+    }
+
+    unreviewed.push({ node, scripts })
+  }
+
+  return unreviewed
+}
+
+module.exports = checkAllowScripts

lib/utils/reify-finish.js

@@ -1,4 +1,5 @@
 const reifyOutput = require('./reify-output.js')
+const checkAllowScripts = require('./check-allow-scripts.js')
 const ini = require('ini')
 const { writeFile } = require('node:fs/promises')
 const { resolve } = require('node:path')
@@ -15,7 +16,8 @@ const reifyFinish = async (npm, arb) => {
       }
     }
   }
-  reifyOutput(npm, arb)
+  const unreviewedScripts = await checkAllowScripts({ arb, npm })
+  reifyOutput(npm, arb, { unreviewedScripts })
 }
 
 module.exports = reifyFinish

lib/utils/reify-output.js

@@ -14,11 +14,25 @@ const { depth } = require('treeverse')
 const ms = require('ms')
 const npmAuditReport = require('npm-audit-report')
 const { readTree: getFundingInfo } = require('libnpmfund')
+const { getTrustedRegistryIdentity } = require('@npmcli/arborist/lib/script-allowed.js')
 const auditError = require('./audit-error.js')
 
-// TODO: output JSON if flatOptions.json is true
-const reifyOutput = (npm, arb) => {
+// Trusted display identity for the install-script advisory. Same idea as
+// the matcher: prefer the URL-derived name. For DISPLAY purposes only
+// (not policy matching), version falls back to node.version when the
+// URL doesn't carry one — the user still benefits from seeing what the
+// tarball claims to be, even when we cannot trust it for matching.
+const trustedDisplay = (node) => {
+  const trusted = getTrustedRegistryIdentity(node)
+  /* istanbul ignore next: defensive fallbacks for nodes without name/version */
+  return {
+    name: (trusted && trusted.name) || node.name || null,
+    version: (trusted && trusted.version) || node.version || null,
+  }
+}
+const reifyOutput = (npm, arb, extras = {}) => {
   const { diff, actualTree } = arb
+  const unreviewedScripts = extras.unreviewedScripts || []
 
   // note: fails and crashes if we're running audit fix and there was an error which is a good thing, because there's no point printing all this other stuff in that case!
   const auditReport = auditError(npm, arb.auditReport) ? null : arb.auditReport
@@ -113,11 +127,23 @@ const reifyOutput = (npm, arb) => {
       summary.audit = npm.command === 'audit' ? auditReport
         : auditReport.toJSON().metadata
     }
+    if (unreviewedScripts.length) {
+      summary.unreviewedScripts = unreviewedScripts.map(({ node, scripts }) => {
+        const { name, version } = trustedDisplay(node)
+        return {
+          name,
+          version,
+          path: node.path,
+          scripts,
+        }
+      })
+    }
     output.buffer(summary)
   } else {
     packagesChangedMessage(npm, summary)
     packagesFundingMessage(npm, summary)
     printAuditReport(npm, auditReport)
+    unreviewedScriptsMessage(npm, unreviewedScripts)
   }
 }
 
@@ -217,4 +243,29 @@ const packagesFundingMessage = (npm, { funding }) => {
   output.standard('  run `npm fund` for details')
 }
 
+const unreviewedScriptsMessage = (npm, unreviewedScripts) => {
+  if (!unreviewedScripts.length) {
+    return
+  }
+
+  output.standard()
+  const count = unreviewedScripts.length
+  const pkg = count === 1 ? 'package has' : 'packages have'
+  output.standard(`${count} ${pkg} install scripts not yet covered by allowScripts:`)
+
+  for (const { node, scripts } of unreviewedScripts) {
+    const { name, version } = trustedDisplay(node)
+    /* istanbul ignore next: every test node has a name */
+    const display = name || '<unknown>'
+    const ver = version ? `@${version}` : ''
+    const events = Object.entries(scripts)
+      .map(([event, cmd]) => `${event}: ${cmd}`)
+      .join('; ')
+    output.standard(`  ${display}${ver} (${events})`)
+  }
+
+  output.standard()
+  output.standard('Run `npm approve-scripts --pending` to review, or `npm approve-scripts <pkg>` to allow.')
+}
+
 module.exports = reifyOutput