Skip to content

chore: Optimize npm dependency installation#459

Open
tssecurity wants to merge 2 commits intomasterfrom
fix/npm-ci-security-optimization
Open

chore: Optimize npm dependency installation#459
tssecurity wants to merge 2 commits intomasterfrom
fix/npm-ci-security-optimization

Conversation

@tssecurity
Copy link
Copy Markdown
Contributor

@tssecurity tssecurity commented Apr 8, 2026

This PR replaces npm install and npm ci with npm ci --ignore-scripts in both Dockerfiles and YAML files (CI workflows, etc.). This improves build security, reproducibility, and speed by avoiding arbitrary scripts during install.

@tssecurity tssecurity requested review from a team as code owners April 8, 2026 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tssecurity