fix(security): run npm ci with --ignore-scripts to avoid malicious scripts

jcchavezs · jcchavezs · commit 867eeb69b7b1 · 2026-04-09T20:08:24.000+02:00
diff --git a/.github/workflows/production.yaml b/.github/workflows/production.yaml
@@ -19,7 +19,7 @@ jobs:
                 node-version: '22'
 
             - name: Install dependencies
-              run: npm ci
+              run: npm ci --ignore-scripts
 
             - name: Run Vitest
               run: npx vitest run
