
efortis today at 10:19 AM

Mitigate this attack vector by adding:

    ignore-scripts=true

to your .npmrc

https://blog.uxtly.com/getting-rid-of-npm-scripts


Replies

hiccuphippo today at 4:21 PM

Is there a way to list all the packages in the dependency tree with preinstall/postinstall hooks? Preferably before doing the installation?

TeMPOraL today at 4:02 PM

Stupid question, but:

- If it's safe to "ignore scripts", why does this option exist in the first place?

- Otherwise, what kind of cascade breakage in dependencies do you risk by suppressing part of their installation process?

seanwilson today at 1:46 PM

Once you run the JavaScript of the npm library you just installed, if it's Node, what's to stop it accessing environment variables and any file it wants, and sending data to any domain it wants?

philipwhiuk today at 1:38 PM

Or use pnpm
