docs: clarify postinstall requirements (#48497)

postinstall

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Erick Zhao <ezhao@slack-corp.com>

docs/tutorial/tutorial-2-first-app.md

@@ -58,11 +58,12 @@ There are a few rules to follow for the purposes of this tutorial:
 Then, install Electron into your app's **devDependencies**, which is the list of external
 development-only package dependencies not required in production.
 
-:::info Why is Electron a devDependency?
+:::info Why is Electron a dev dependency?
 
-This may seem counter-intuitive since your production code is running Electron APIs.
-However, packaged apps will come bundled with the Electron binary, eliminating the need to specify
-it as a production dependency.
+This may seem counter-intuitive since your production code is running Electron APIs. Under the hood,
+Electron's JavaScript API binds to a binary that contains its implementations. The packaging step for
+Electron handles the bundling of this binary, eliminating the need to specify it as a production
+dependency.
 
 :::
 
@@ -70,6 +71,17 @@ it as a production dependency.
 npm install electron --save-dev
 ```
 
+:::warning
+
+In order to correctly install Electron, you need to ensure that its `postinstall` lifecycle
+script is able to run. This means avoiding the `--ignore-scripts` flag on npm and allowlisting
+`electron` to run build scripts on other package managers.
+
+This is likely to change in a future version of Electron. See
+[electron/rfcs#22](https://github.com/electron/rfcs/pull/22) for more details.
+
+:::
+
 Your package.json file should look something like this after initializing your package
 and installing Electron. You should also now have a `node_modules` folder containing
 the Electron executable, as well as a `package-lock.json` lockfile that specifies