[ComputerGuru]

My big question as an OSS dev distributing some precompiled binaries via npm for easy installation: does allowScripts also default to disabled when directly installing a package (globally or otherwise)?

[jamiem]

Yes, all install scripts will be disabled by default regardless of if they are from direct or transitive dependencies.

But if you're already following the os + cpu + optionalDependencies model to distribute your precompiled binaries you should be fine.