From 730b9a97b52bf78a93842feb7b16918353cee099 Mon Sep 17 00:00:00 2001
From: Campbell Allen
Date: Wed, 5 Oct 2022 10:55:11 +0100
Subject: [PATCH] add --ignore-scripts to npm build

use `--ignore-scripts` to secure the npm builds from package supply chain attacks via shell access in pre / post scripts.
See https://docs.npmjs.com/cli/v7/commands/npm-install#ignore-scripts
---
 .github/workflows/npm_build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/npm_build.yaml b/.github/workflows/npm_build.yaml
index f864dae..f1883d0 100644
--- a/.github/workflows/npm_build.yaml
+++ b/.github/workflows/npm_build.yaml
@@ -36,7 +36,7 @@ jobs:
 with:
 node-version: ${{ inputs.node_version }}
 cache: 'npm'
- - run: npm ci
+ - run: npm ci --ignore-scripts
 - run: npm run ${{ inputs.script }}
 - name: Write commit_id.txt