chore: use npm ci --ignore-scripts in CI and scripts (#276)

Replaces various uses of `npm install` with `npm ci --ignore-scripts`.
This should both be more hermetic (it'll always use the locked versions
rather than re-resolving) and will partially mitigate some build-time
code execution risk.

There should be no breakage risk, as the current dependency footprint is
small and shouldn't include anything that uses build scripts 🙂

Signed-off-by: William Woodruff <william@astral.sh>
William Woodruff
2025-12-02 02:09:27 -05:00
committed by GitHub
parent 1e133b7ccc
commit 5960f93ec0
3 changed files with 3 additions and 3 deletions
+1 -1
@@ -25,7 +25,7 @@ jobs:
with:
node-version: "20"
- run: |
npm install
npm ci --ignore-scripts
- run: |
npm run all
- name: Check all jobs are in all-tests-passed.needs
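Review bot: The `npm ci --ignore-scripts` line in this `run:` step carries no comment saying why lifecycle scripts are disabled, so a later contributor who adds a dependency that needs an install script (or a `prepare`/`postinstall` hook in this package, which the flag also skips) will see a failure in the `npm run all` step with no pointer back to this flag. A one-line YAML comment above the command would cover that. Note also that `npm ci` fails unless a lockfile is committed and in sync with `package.json`, so it is worth confirming that holds on every branch this workflow runs on, and that `npm run all` in the next step still executes dependency code, which matches the "partially mitigate" wording in the commit message.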