# Block postinstall scripts by default to reduce supply-chain attack surface.
# Packages with legitimate install scripts are explicitly rebuilt in `npm run install:all`.
#
# Trusted packages requiring install scripts:
#   esbuild      (client + server) — downloads platform-specific binary
#   node-pty     (server)          — builds native PTY addon
#   sharp        (server)          — fetches/builds libvips native binding
ignore-scripts=true
