# Defense-in-depth against malicious postinstall hooks from typo-squatted or
# compromised transitive dependencies (CWE-1357). CI already passes
# --ignore-scripts explicitly in .github/workflows/ci.yml; this file extends
# the same default to local developer installs (npm install / npm ci).
#
# No package in this repo currently requires lifecycle scripts at install
# time. If one is added later, document the exception here and below in
# README.md, and contributors who knowingly need scripts for a one-off
# install can run: npm install --ignore-scripts=false
ignore-scripts=true
