docs: clarify postinstall requirements (#48485)

postinstall

docs/tutorial/tutorial-2-first-app.md

@@ -70,11 +70,12 @@ those package managers.
 Then, install Electron into your app's **devDependencies**, which is the list of external
 development-only package dependencies not required in production.
 
-:::info Why is Electron a devDependency?
+:::info Why is Electron a dev dependency?
 
-This may seem counter-intuitive since your production code is running Electron APIs.
-However, packaged apps will come bundled with the Electron binary, eliminating the need to specify
-it as a production dependency.
+This may seem counter-intuitive since your production code is running Electron APIs. Under the hood,
+Electron's JavaScript API binds to a binary that contains its implementations. The packaging step for
+Electron handles the bundling of this binary, eliminating the need to specify it as a production
+dependency.
 
 :::
 
@@ -82,6 +83,17 @@ it as a production dependency.
 npm install electron --save-dev
 ```
 
+:::warning
+
+In order to correctly install Electron, you need to ensure that its `postinstall` lifecycle
+script is able to run. This means avoiding the `--ignore-scripts` flag on npm and allowlisting
+`electron` to run build scripts on other package managers.
+
+This is likely to change in a future version of Electron. See
+[electron/rfcs#22](https://github.com/electron/rfcs/pull/22) for more details.
+
+:::
+
 Your package.json file should look something like this after initializing your package
 and installing Electron. You should also now have a `node_modules` folder containing
 the Electron executable, as well as a `package-lock.json` lockfile that specifies