fix(security): run npm ci with --ignore-scripts to avoid malicious scripts

jcchavezs · jcchavezs · commit fa4c26842e01 · 2026-04-09T20:08:25.000+02:00
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -18,7 +18,7 @@ jobs:
                 node-version: '22'
 
             - name: Install dependencies
-              run: npm ci
+              run: npm ci --ignore-scripts
 
             - name: Run Vitest
               run: npx vitest run
@@ -36,4 +36,4 @@ jobs:
                 name: playwright-traces
                 path: playwright-report/**/trace.zip
 
-        
+        
