From e1bbb0c80433e8ff88fa0223d1e7b992e4a07875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Thu, 9 Apr 2026 20:08:40 +0200
Subject: [PATCH] fix(security): run npm ci with --ignore-scripts to avoid
 malicious scripts

---
 .github/workflows/nodejs.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 4f5b80d..2c18266 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -21,7 +21,6 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-      - run: npm ci
+      - run: npm ci --ignore-scripts
       - run: npm run build --if-present
       - run: npm test
-