From 370c11d1c1d728662b0d6c7912f311a89a8d798c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hogne=20H=C3=A5skjold?=
Date: Tue, 31 Mar 2026 11:20:00 +0200
Subject: [PATCH] Disable npm lifecycle scripts to mitigate supply chain attacks
---
 .github/workflows/deploy.yml | 2 +-
 .github/workflows/pr-checks.yml | 2 +-
 .npmrc | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 .npmrc
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 8b607e797..4810694f5 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -48,7 +48,7 @@ jobs:
 ${{ runner.os }}-
 - name: Install dependencies
- run: npm ci
+ run: npm ci --ignore-scripts
 - name: Build docs
 run: npm run build
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index c0d4926d4..9a071089e 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -40,7 +40,7 @@ jobs:
 ${{ runner.os }}-
 - name: Install dependencies
- run: npm ci
+ run: npm ci --ignore-scripts
 - name: Lint js code
 run: npm run lint
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 000000000..97b895e2f
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
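Review bot: The `--ignore-scripts` flag on `run: npm ci` carries no comment saying why it is there, and the same holds for the identical change in `.github/workflows/pr-checks.yml`; a later edit that hits a dependency failing to build is likely to simply drop the flag. I would add above the step's `run:` line `# --ignore-scripts: dependency install/postinstall hooks must not run on the runner (supply-chain hardening)`. Any dependency that relies on its install script to produce a binary is now left unbuilt and will only fail later, at `npm run build` or `npm run lint`; if one exists, rebuild it in a separate explicit step limited to reviewed packages, for example `run: npm rebuild <package> --ignore-scripts=false`. The job's step list begins and continues outside the hunk, so whether such a dependency exists cannot be told from here.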
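Review bot: `ignore-scripts=true` in the repository `.npmrc` reaches further than the install step: npm also skips the `pre`/`post` hooks of scripts started with `npm run`, so a `prebuild`, `postbuild` or `prelint` entry in `package.json` (not visible in this patch) would silently stop running for `npm run build` and `npm run lint`, and a `prepare` hook that sets up local tooling would no longer run on `npm install`. Confirm that `package.json` defines none of these, or invoke them explicitly. Since the file is new, I would also record the intent in it, `# Supply-chain hardening: no lifecycle scripts on install; pre/post hooks of npm run are skipped as well`.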