thatguygriff/walkies
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

Adopt @lavamoat/allow-scripts to gate npm install scripts
All checks were successful
CI / Go tests & lint (push) Successful in 1m34s
Details
CI / Frontend tests & type-check (push) Successful in 1m15s
Details

Browse Source 
Disables dependency lifecycle scripts by default via .npmrc
(ignore-scripts=true) so arbitrary packages cannot execute code at
install time. An explicit allowlist in web/package.json opts specific
packages back in, and CI/Docker/Taskfile now run allow-scripts after
npm install to apply it.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
James Griffin-Allwood
2026-04-17 11:29:08 -03:00
parent 0446e8f8a7
commit 668397104a
6 changed files with 1295 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@@ -1,8 +1,8 @@
# Stage 1: Build React frontend
FROM node:22-alpine AS frontend
WORKDIR /app/web
COPY web/package*.json ./
RUN npm install
COPY web/package*.json web/.npmrc ./
RUN npm install && npm exec -- allow-scripts
COPY web/ ./
RUN npm run build