Skip to content

Ensure ignore-scripts=true in .npmrc for npm directories#4

Merged
jwreford99 merged 1 commit intomainfrom
add-npmrc-ignore-scripts
Apr 1, 2026
Merged

Ensure ignore-scripts=true in .npmrc for npm directories#4
jwreford99 merged 1 commit intomainfrom
add-npmrc-ignore-scripts

Conversation

@jwreford99
Copy link
Copy Markdown

@jwreford99 jwreford99 commented Apr 1, 2026

This PR was auto generated by script

Why do we need this?

Supply chain attacks are an ongoing risk for us. Specifically, when installing packages we don't want to run any postinstall scripts.

The following Slack message has some deeper context -> https://gearsethq.slack.com/archives/C01F15WFJAU/p1758029881605319

The script has identified directories with a package.json that either have no .npmrc file or have one that does not include ignore-scripts=true. This PR addresses both cases.

What does this PR change?

Ensures every directory containing a package.json has an .npmrc with ignore-scripts=true

Files updated

  • .npmrc

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 1, 2026

Coverage Report

Commit:2919594
Base: main@b14da4a

Type This PR
Total Statements Coverage  70.77%
Total Branches Coverage  70.84%
Total Functions Coverage  83.35%
Total Lines Coverage  70.77%
Details (changed files):
File Statements Branches Functions Lines

@jwreford99 jwreford99 merged commit 1ff2ed3 into main Apr 1, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jwreford99