fix(security): harden .npmrc with supply-chain directives [APS-19734]

Rohan Nagariya · claude · Rohan Nagariya · commit 2e489f8786f9 · 2026-06-12T01:23:33.000+05:30
- Add ignore-scripts, strict-ssl, save-exact, engine-strict,
  legacy-peer-deps=false, audit-level=high
- Preserve existing package-lock=true and lockfile-version=1
- Public repo: access=restricted intentionally omitted
- Validated: npm install + npm test identical before/after
  (678 passing, 13 pre-existing failures unchanged); no install
  scripts in the dep tree, so ignore-scripts=true causes no regression

Resolves: APS-19734

Co-Authored-By: Claude Opus 4.8 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.npmrc b/.npmrc
@@ -1,2 +1,8 @@
 package-lock=true
 lockfile-version=1
+ignore-scripts=true
+strict-ssl=true
+save-exact=true
+engine-strict=true
+legacy-peer-deps=false
+audit-level=high
