[rush] Missing documentation of INSTALL_RUN_LOCKFILE_PATH environment variable

## Summary



While handling https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised in our project, we found out that `node common/scrips/install-run-rush.js` installed malicious versions of the affected dependencies.

We mitigated it by setting the undocumented environment variable `INSTALL_RUN_RUSH_LOCKFILE_PATH` from https://github.com/microsoft/rushstack/pull/3671. Thank you for providing this option 👍 .

We couldn't find any documentation about this in https://rushstack.io/ nor in this GitHub organization. We think it would be valuable to have that documented to avoid similar issues in future.

## Standard questions

Please answer these questions to help us investigate your issue more quickly:

| Question | Answer |
| -------- | -------- |
| `@microsoft/rush` globally installed version? | `5.158.1` |
| `rushVersion` from rush.json? | `5.158.1` |
| `useWorkspaces` from rush.json? | `true` |
| Operating system? | Linux |
| Would you consider contributing a PR? | Yes |
| Node.js version (`node -v`)? | 22.19.0 |

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[rush] Missing documentation of INSTALL_RUN_LOCKFILE_PATH environment variable #5359

Summary

Standard questions

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Question	Answer
`@microsoft/rush` globally installed version?	`5.158.1`
`rushVersion` from rush.json?	`5.158.1`
`useWorkspaces` from rush.json?	`true`
Operating system?	Linux
Would you consider contributing a PR?	Yes
Node.js version (`node -v`)?	22.19.0

[rush] Missing documentation of INSTALL_RUN_LOCKFILE_PATH environment variable #5359

Description

Summary

Standard questions

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions