diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000000..f46fe20a31
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1,8 @@
+# If set to false, then ignore package-lock.json files when installing. This will also prevent writing package-lock.json if save is true. source: https://docs.npmjs.com/cli/v11/using-npm/config
+package-lock=true
+# If true, npm does not run scripts specified in package.json files. source: https://docs.npmjs.com/cli/v11/using-npm/config#ignore-scripts
+ignore-scripts=true
+# Dependencies saved to package.json will be configured with an exact version rather than using npm's default semver range operator. source: https://docs.npmjs.com/cli/v11/using-npm/config#save-exact
+save-exact=true
+# If set to true, then npm will stubbornly refuse to install (or even consider installing) any package that claims to not be compatible with the current Node.js version. source: https://docs.npmjs.com/cli/v11/using-npm/config#engine-strict
+engine-strict=true
diff --git a/package.json b/package.json
index 767b79e681..6615b17902 100644
--- a/package.json
+++ b/package.json
@@ -112,5 +112,8 @@
     "registry": "https://registry.npmjs.org/",
     "access": "public"
   },
-  "homepage": "https://db-ui.github.io/core/"
+  "homepage": "https://db-ui.github.io/core/",
+  "engines": {
+    "node": ">= 22"
+  }
 }