From 287d60555c7d81cfd361075354a3adfe08327f29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Ad=C3=A1mek?= <banan23@gmail.com>
Date: Fri, 29 May 2026 12:27:02 +0200
Subject: [PATCH] fix: drop only-allow preinstall from the published package
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`preinstall: npx only-allow pnpm` is a contributor guard, but it ships
in the published `impit` package and therefore runs on every consumer
install. It forces a network `npx only-allow` fetch during install,
which breaks downstream installs when that fetch flakes (corrupted npm
cache / ENOENT) — e.g. it fails `yarn install` in dependents. impit
ships prebuilt native binaries, so consumers need no install/build
scripts at all.
---
 impit-node/package.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/impit-node/package.json b/impit-node/package.json
index c35112a3..9e0e3919 100644
--- a/impit-node/package.json
+++ b/impit-node/package.json
@@ -50,8 +50,7 @@
     "prepublishOnly": "napi prepublish -t npm --no-gh-release",
     "test": "vitest --retry=3 && node ./test/e2e/run-e2e-tests.mjs",
     "universal": "napi universal",
-    "copy-version": "napi version",
-    "preinstall": "npx only-allow pnpm"
+    "copy-version": "napi version"
   },
   "packageManager": "pnpm@10.24.0",
   "description": "Impit for JavaScript",