---
title: npm-deny-scripts
section: 1
description: Deny install scripts for specific dependencies
---

### Synopsis

```bash
npm deny-scripts <pkg> [<pkg> ...]
npm deny-scripts --all
```

Note: This command is unaware of workspaces.

### Description

`npm deny-scripts` is the companion command to
[`npm approve-scripts`](/commands/npm-approve-scripts). It writes `false`
entries into the `allowScripts` field of your project's `package.json`,
recording that a dependency must not run install scripts even if a future
version would otherwise be eligible.

In the current release, install scripts still run by default, so `deny-scripts`
only affects how installs of denied packages are reported. A future release
will block unreviewed install scripts and respect deny entries at install
time.

`<pkg>` matches every installed version of that package. Denies are always
written name-only (`"pkg": false`), regardless of `--allow-scripts-pin`. Pinning a deny
to a specific version would silently re-allow scripts for any other version
of the same package, which defeats the purpose; the command picks the
safer default for you.

`--all` denies every package with unreviewed install scripts.

If a `true` (pinned or name-only) entry exists for a package and you then
deny it, the existing allow entries are removed so the name-only deny is
unambiguous.
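The rewrite described above, and a check for hand-edited policies, as an added example (not npm's own code). It assumes `allowScripts` is an object whose keys are `name` or `name@version` with boolean values; the function names and sample package names are hypothetical.

```javascript
// Added example, not npm's implementation. Assumes allowScripts maps
// "name" or "name@version" keys to booleans, as described on this page.

// Split a key into package name and optional version. A leading "@" is a
// scope marker ("@scope/pkg@1.2.3"), so only an "@" after index 0 counts.
function parseKey(key) {
  const at = key.lastIndexOf('@');
  if (at <= 0) return { name: key, version: null };
  return { name: key.slice(0, at), version: key.slice(at + 1) };
}

// Return a copy of allowScripts with `name` denied: drop every existing
// entry for that package (pinned or name-only), then write "name": false.
function applyDeny(allowScripts, name) {
  const next = {};
  for (const [key, value] of Object.entries(allowScripts)) {
    if (parseKey(key).name !== name) next[key] = value;
  }
  next[name] = false;
  return next;
}

// Flag hand-edited entries that weaken a deny: version-pinned denies, and
// allow entries that coexist with a deny for the same package.
function auditAllowScripts(allowScripts) {
  const findings = [];
  const denied = new Set();
  const entries = Object.entries(allowScripts);
  for (const [key, value] of entries) {
    const { name, version } = parseKey(key);
    if (value !== false) continue;
    denied.add(name);
    if (version) findings.push(`pinned deny "${key}" does not cover other versions of ${name}`);
  }
  for (const [key, value] of entries) {
    const { name } = parseKey(key);
    if (value === true && denied.has(name)) findings.push(`allow "${key}" conflicts with a deny for ${name}`);
  }
  return findings;
}

// Constructed sample policy; package names are made up.
const sample = {
  'telemetry-pkg@1.4.0': true,
  '@acme/native@2.0.0': true,
  'old-pkg@0.9.0': false,
};
```

Running `auditAllowScripts` over the `allowScripts` field in CI catches a pinned deny or a leftover allow entry introduced by a manual edit to `package.json`.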

### Examples

```bash
# Deny a specific package outright
npm deny-scripts telemetry-pkg

# Deny everything that has install scripts and isn't already approved
npm deny-scripts --all
```

### Configuration

#### `all`

* Default: false
* Type: Boolean

When running `npm outdated` and `npm ls`, setting `--all` will show all
outdated or installed packages, rather than only those directly depended
upon by the current project.



#### `allow-scripts-pending`

* Default: false
* Type: Boolean

List packages with install scripts that are not yet covered by the
`allowScripts` policy, without modifying `package.json`. Only meaningful for
`npm approve-scripts`.



#### `allow-scripts-pin`

* Default: true
* Type: Boolean

Write pinned (`pkg@version`) entries when approving install scripts. Set to
`false` to write name-only entries that allow any version. Has no effect on
`npm deny-scripts`, which always writes name-only entries regardless of this
setting.



#### `json`

* Default: false
* Type: Boolean

Whether or not to output JSON data, rather than the normal output.

* In `npm pkg set` it enables parsing set values with JSON.parse() before
  saving them to your `package.json`.

Not supported by all npm commands.



### See Also

* [npm approve-scripts](/commands/npm-approve-scripts)
* [npm install](/commands/npm-install)
* [package.json](/configuring-npm/package-json)
