Skip to content

Add --ignore-scripts flag to all npm install commands#9

Draft
Copilot wants to merge 7 commits into
mainfrom
copilot/adjust-npm-install-commands
Draft

Add --ignore-scripts flag to all npm install commands#9
Copilot wants to merge 7 commits into
mainfrom
copilot/adjust-npm-install-commands

Conversation

Copilot AI commented Nov 26, 2025
edited
Loading

Copy link
Copy Markdown

Adds --ignore-scripts flag to all npm install commands for supply chain security.

Changes

  • Makefiles with NPM_INSTALL variable (lib/ts, sdk/console, sdk/prettier): Updated default from install to install --ignore-scripts
  • Makefiles with direct npm install (test/lib/ts, test/console-self-hosted, bind/dart): Added --ignore-scripts flag
  • GitHub Actions workflows (build.yml, publish.yml): Updated NPM_INSTALL env vars from ci to ci --ignore-scripts

Example

# Before
npm install

# After  
npm install --ignore-scripts
Original prompt

Adjust all npm install commands or similar to include the --ignore-scripts flag.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@brenbar
Add --ignore-scripts flag to all npm install commands
9abd774 
Co-authored-by: brenbar <12563144+brenbar@users.noreply.github.com>
Copilot AI changed the title [WIP] Adjust npm install commands to include --ignore-scripts flag Add --ignore-scripts flag to all npm install commands Nov 26, 2025
Copilot AI requested a review from brenbar November 26, 2025 17:36
@brenbar

brenbar commented Nov 26, 2025

Copy link
Copy Markdown
Owner

@copilot Don't forget the NPM_INSTALL env var.

@brenbar
Add --ignore-scripts to NPM_INSTALL env vars in CI workflows
8f9b299 
Co-authored-by: brenbar <12563144+brenbar@users.noreply.github.com>

Copilot AI commented Nov 26, 2025

Copy link
Copy Markdown
Author

@copilot Don't forget the NPM_INSTALL env var.

Added --ignore-scripts to all 5 NPM_INSTALL env vars in .github/workflows/build.yml and .github/workflows/publish.yml (8f9b299).

@brenbar

brenbar commented Nov 26, 2025

Copy link
Copy Markdown
Owner

@copilot Do not update READMEs.

@brenbar
Revert README changes per feedback
0ec44bd 
Co-authored-by: brenbar <12563144+brenbar@users.noreply.github.com>

Copilot AI commented Nov 26, 2025

Copy link
Copy Markdown
Author

@copilot Do not update READMEs.

Reverted all README changes (0ec44bd).

dependabot Bot and others added 3 commits December 1, 2025 04:49
@dependabot
Bump the "all-weekly-updates" group with 1 updates across multiple ec…
b719a53 
…osystems (Telepact#249)

Bump mypy in /lib/py in the all-weekly-updates group

Bumps the all-weekly-updates group in /lib/py with 1 update: [mypy](https://github.com/python/mypy).


Updates `mypy` from 1.18.2 to 1.19.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.18.2...v1.19.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-version: 1.19.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-weekly-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@telepact-notary
Bump version to 1.0.0-alpha.170 (Telepact#249)
6e93bc6 
Release targets:
cli
py
@brenbar
Merge branch 'main' into copilot/adjust-npm-install-commands
16c30fb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brenbar brenbar Awaiting requested review from brenbar

Assignees

@brenbar brenbar

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brenbar