chore(security): add .npmrc ignore-scripts to remaining npm workspaces (#5603)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Shuchang Zheng 2026-04-22 15:56:36 -07:00 committed by GitHub
parent 108ec030e6
commit 32be517565
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 15 additions and 0 deletions


@ -0,0 +1,5 @@
# Supply chain protection: do not run lifecycle scripts (preinstall, install,
# postinstall) on npm install. Blocks worms like "Shai-Hulud" from executing
# on a compromised dependency before we notice. If a package genuinely needs
# its install script, use @lavamoat/allow-scripts to allowlist it.
ignore-scripts=true
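Review bot: The comment above `ignore-scripts=true` understates what the setting does: besides dependency install scripts, npm also stops running this package's own lifecycle scripts (for example `prepare`) on install, and the pre/post hooks of scripts started with `npm run`. A workspace that relies on such a hook for a build or codegen step would skip it silently, so I would add a line such as `# Also skips this package's own prepare and pre*/post* hooks; run those steps explicitly.` The reference to @lavamoat/allow-scripts assumes the tool and its allowlist are configured in the workspace's package.json, which is not visible in this hunk. It would also be worth confirming that npm actually reads this file from the directory where installs run, since a project-level .npmrc is only picked up from the project root npm resolves.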