From 5908a6b6dfeb5b3ec43c08b35faf27a28f7267e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?=
Date: Thu, 9 Apr 2026 20:07:40 +0200
Subject: [PATCH] fix(security): run npm ci with --ignore-scripts to avoid malicious scripts
---
 .github/workflows/aws-publish.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/aws-publish.yml b/.github/workflows/aws-publish.yml
index 46948cc..04fd04b 100644
--- a/.github/workflows/aws-publish.yml
+++ b/.github/workflows/aws-publish.yml
@@ -26,7 +26,7 @@ jobs:
 # Step 3: Install dependencies
 - name: Install dependencies
- run: npm ci --include=dev
+ run: npm ci --ignore-scripts --include=dev
 # Step 4: Build the project
 - name: Build package
@@ -43,4 +43,4 @@ jobs:
 # Step 6: Upload to S3
 - name: Upload to S3
 run: |
- aws s3 cp ./dist s3://universal-login-sample-app/ --recursive
\ No newline at end of file
+ aws s3 cp ./dist s3://universal-login-sample-app/ --recursive
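Review bot: The `--ignore-scripts` flag on the `npm ci` line of the Install dependencies step only stops lifecycle scripts at install time; the Build package step that follows still executes code from the same dependencies, so a compromised package is delayed rather than blocked. That limit is worth recording next to the flag, e.g. `# --ignore-scripts: blocks install-time lifecycle scripts only; dependency code still runs during the build`. The flag also skips install scripts that some packages rely on to fetch or compile native binaries, so if the build needs one, an explicit `npm rebuild <package>` for that package has to follow this step; whether any is needed cannot be told from the hunk. The step that provides AWS credentials is outside the hunk; presumably it sits between the build and the S3 upload, which should be confirmed so the build does not run with those credentials in its environment.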