Configure build-scripts-allowlist in package.json

[karlhorky]

Alternative to upleveled/preflight#620

Currently, some lifecycle scripts (build scripts) of packages like sharp and bcrypt are not allowed in pnpm v10, and result in errors like the following Ignored build scripts error:

$ pnpm install
Lockfile is up to date, resolution step is skipped
Progress: resolved 1, reused 0, downloaded 0, added 0
Packages: +814
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Progress: resolved 814, reused 0, downloaded 69, added 66

...

Ignored build scripts: sharp. Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.

Done in 13.8s

A student not including sharp in their Next.js project will mostly appear to work properly, but pages will most likely be slow to load, due to Next.js falling back to slower non-native image optimization.

To avoid this, add a step to bin/install.js to configure build-scripts-allowlist ("An up-to-date list of common NPM packages that need to run lifecycle scripts during installation", default-trusted-dependencies.txt list from bun extracted to separate package), as noted in the readme:

In your project using PNPM 10, add the following field to your package.json:

"pnpm": {
  "configDependencies": {
    "build-scripts-allowlist": "0.20250131.0+sha512-vuePnd+0F3PtuyFIHT1XsfOK7/BGkK1QmIMRHHPo+6LW7Wr/37QsQV3R/UztxoFWHHm9pSbCUovigSmeapfdLA=="
  },
  "onlyBuiltDependenciesFile": "node_modules/.pnpm-config/build-scripts-allowlist/common.json"
}