fix: Fix attribution generation

[Gudahtt]

Description

Fix the attribution:generate command by ensuring that it is possible to install just production dependencies.

Previously the command yarn workspaces focus --production (used to discard development dependencies, keeping just production dependencies installed) would fail because rimraf was not found. rimraf was a development dependency used in the postinstall script. This was resolved by replacing rimraf with a Node.js script that does the same thing without needing any dependency.

Once that failure was resolved, another was revealed. The allow-scripts step of the installation began failing because there was a package detected that had an install script that was missing from our configuration. This package was in our configuration already, but the allow-scripts configuration is sensitive to changes in the directory structure of node_modules, and that structure changed due to differences in which packages were hoisted in the production-only install.

That failure was resolved by updating generate-attributions.sh to remove the allow-scripts plugin while generating attributions. We don't need postinstall scripts to run in order to read licences from disk.

Related issues

Fixes #28412

Manual testing steps

1. Run yarn attributions:generate, and see that it completes successfully
   • Locally, it should also re-install the allow-scripts plugin and development dependencies
   • If this command is run with CI=true (e.g. CI=true yarn attributions:generate), it will skip the step of re-installing the allow-scripts plugin and development dependencies. This is what would happen on CI, where the environment gets discarded after this is run so there is no point in re-installing things.

Screenshots/Recordings

N/A

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[Gudahtt]

Previously the attempt to re-install development dependencies was also failing, because yarn was run in the wrong directory. This is now fixed as well.

[Gudahtt]

@metamaskbot update-policies

[metamaskbot]

Policies updated.
👀 Please review the diff for suspicious new powers.

🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff

[metamaskbot]

Builds ready [838989e]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7
  • common: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (2019 ± 103 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	264	2544	1788	613	294
		domContentLoaded	1689	2469	1982	195	94
		load	1701	2526	2019	214	103
		domInteractive	19	92	56	19	9
		backgroundConnect	8	128	40	34	17
		firstReactRender	49	172	108	31	15
		getState	4	51	13	13	6
		initialActions	0	1	0	0	0
		loadScripts	1230	1873	1464	175	84
		setupStore	5	60	18	19	9
		uiStartup	1965	2818	2249	229	110

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)