NPM Build Script Allowlist

This package provides a curated, manually maintained list of common npm packages that legitimately require build scripts (e.g., `preinstall`, `install`, `postinstall`) to function correctly during installation. Its primary purpose is to enhance supply chain security by enabling package managers like pnpm v10 and Bun (which block build scripts by default) to differentiate between necessary and potentially malicious build script executions. The package uses a date-based versioning scheme (e.g., `0.YYYYMMDD.0`) to indicate the last update date, facilitating easy identification of outdated lists. Currently, it is primarily integrated with pnpm v10 via the `onlyBuiltDependenciesFile` and `configDependencies` fields in `package.json`. While efforts are underway to support other package managers through `@lavamoat/allow-scripts`, its current utility is specific to pnpm's security model. The list is not exhaustive, focusing on widely used packages whose build scripts are deemed essential, and requires manual maintenance and updates by users to stay current and effective. It provides a community-driven approach to maintaining a secure dependency graph where build scripts are an unavoidable necessity.