From e1223df0aae003303a90ef892e67e5313bd879c7 Mon Sep 17 00:00:00 2001
From: Andreas Motl <andreas.motl@crate.io>
Date: Tue, 25 Nov 2025 22:35:37 +0100
Subject: [PATCH] Security: Use `enableScripts: false` to suppress
 `postinstall` tasks

https://yarnpkg.com/configuration/yarnrc#enableScripts

https://www.nodejs-security.com/blog/npm-ignore-scripts-best-practices-as-security-mitigation-for-malicious-packages
---
 .yarnrc.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .yarnrc.yml

diff --git a/.yarnrc.yml b/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false