security(.npmrc): ignore npm scripts (#3805)

wellwelwel · web-flow · commit 288d757bfe8a · 2025-09-18T02:26:25.000-03:00
After the recent supply chain attacks that use install scripts, this simple update prevents the automatic installation of npm scripts for maintainers and contributors.

- There is no security fault, this is just a precaution.
- The end user isn't affected by this change.
diff --git a/.gitignore b/.gitignore
@@ -9,7 +9,6 @@ lib-cov
 .DS_Store
 .idea/
 .vscode/
-.npmrc
 coverage/
 mysqldata/
 
diff --git a/.npmrc b/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
