From 867eeb69b7b16596e4041a8e55e349b80ae0ffc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Thu, 9 Apr 2026 20:08:24 +0200
Subject: [PATCH 1/2] fix(security): run npm ci with --ignore-scripts to avoid
 malicious scripts

---
 .github/workflows/production.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/production.yaml b/.github/workflows/production.yaml
index adca8ecb..64c2d1d3 100644
--- a/.github/workflows/production.yaml
+++ b/.github/workflows/production.yaml
@@ -19,7 +19,7 @@ jobs:
                 node-version: '22'
 
             - name: Install dependencies
-              run: npm ci
+              run: npm ci --ignore-scripts
 
             - name: Run Vitest
               run: npx vitest run

From fa4c26842e01005df1c3590172f616787b6d449f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Thu, 9 Apr 2026 20:08:25 +0200
Subject: [PATCH 2/2] fix(security): run npm ci with --ignore-scripts to avoid
 malicious scripts

---
 .github/workflows/tests.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 34a9871c..0f7a06a2 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -18,7 +18,7 @@ jobs:
                 node-version: '22'
 
             - name: Install dependencies
-              run: npm ci
+              run: npm ci --ignore-scripts
 
             - name: Run Vitest
               run: npx vitest run
@@ -36,4 +36,4 @@ jobs:
                 name: playwright-traces
                 path: playwright-report/**/trace.zip
 
-        
\ No newline at end of file
+