Skip to content

chore: Optimize npm dependency installation#589

Open
tssecurity wants to merge 1 commit intomasterfrom
fix/npm-ci-security-optimization
Open

chore: Optimize npm dependency installation#589
tssecurity wants to merge 1 commit intomasterfrom
fix/npm-ci-security-optimization

Conversation

@tssecurity
Copy link
Copy Markdown
Contributor

@tssecurity tssecurity commented Apr 8, 2026

This PR replaces npm install and npm ci with npm ci --ignore-scripts in both Dockerfiles and YAML files (CI workflows, etc.). This improves build security, reproducibility, and speed by avoiding arbitrary scripts during install.

@tssecurity tssecurity requested review from a team as code owners April 8, 2026 10:01
@ts-sonarqube
Copy link
Copy Markdown

ts-sonarqube Bot commented Apr 8, 2026

Passed Quality Gate passed

Issues

Measures

Project ID: actions-coverage-upload

View in SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tssecurity