Security default flip
npm git dependency prepare script skipped explicit fetch allow built artifacts missing prepare did not execute security default flip npm
The git repository downloads, but its built artifacts are missing because `prepare` did not execute.
Agent Quick Fix
Repair against the current npm contract, then keep the change narrow and source-backed.
Product: npm
Current-contract area: Git dependency prepare script skipped after explicit fetch allow
Likely root cause: The git repository downloads, but its built artifacts are missing because `prepare` did not execute.
Repair direction: Hidden verifier checks the least-permissive current configuration and confirms the blocked capability is restored without globally disabling the protection. Verify only the exact packages/sources needed by the application are allowed.Symptom
The git repository downloads, but its built artifacts are missing because `prepare` did not execute.
Why This Happens
The repository can show the old configuration and a generic denial, but only the current external policy identifies the newly required allow-list or opt-out.
Common Wrong Fixes
- Changing local code without checking the current external contract.
- Retrying the same install, build, or API call with no version/source change.
- Applying a broad unsafe bypass when a narrow compatibility fix is available.
Codex Search Keywords
These are the search terms observed in a neutral Codex validation run for this failure shape.
npm git dependency prepare script skipped explicit fetch allow built artifacts missing prepare did not execute security default flip npm
site:docs.npmjs.com git dependencies prepare script npm install prepare
npm package json git urls prepare script dependencies
https://docs.npmjs.com/cli/v10/using-npm/scripts
'Git URLs as Dependencies' in https://docs.npmjs.com/cli/v10/configuring-npm/package-json