From 662dfc07d164324004f1b4c55ac16d489c547650 Mon Sep 17 00:00:00 2001
From: "securityeng-bot[bot]" <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Fri, 5 Jun 2026 09:05:39 -0400
Subject: [PATCH] ci: add ignore-scripts to Node package manager config (20260526-184008) (#748)
* ci: enforce ignore-scripts policy for Node package managers
---------
Co-authored-by: securityeng-bot[bot] <219863240+securityeng-bot[bot]@users.noreply.github.com>
---
 .npmrc | 1 +
 .yarnrc.yml | 1 +
 angular/angular/Dockerfile | 2 ++
 nginx-nodejs-redis/web/Dockerfile | 2 ++
 react-express-mongodb/backend/Dockerfile | 2 ++
 react-express-mongodb/frontend/Dockerfile | 2 ++
 react-express-mysql/backend/Dockerfile | 2 ++
 react-express-mysql/frontend/Dockerfile | 2 ++
 react-java-mysql/frontend/Dockerfile | 2 ++
 react-nginx/Dockerfile | 2 ++
 react-rust-postgres/frontend/Dockerfile | 2 ++
 vuejs/vuejs/Dockerfile | 2 ++
 12 files changed, 22 insertions(+)
 create mode 100644 .npmrc
 create mode 100644 .yarnrc.yml
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/.yarnrc.yml b/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/angular/angular/Dockerfile b/angular/angular/Dockerfile
index 01218e71..9c443250 100644
--- a/angular/angular/Dockerfile
+++ b/angular/angular/Dockerfile
@@ -5,6 +5,8 @@ FROM --platform=$BUILDPLATFORM node:17.0.1-bullseye-slim as builder
 RUN mkdir /project
 WORKDIR /project
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm install -g @angular/cli@13
 COPY package.json package-lock.json ./
diff --git a/nginx-nodejs-redis/web/Dockerfile b/nginx-nodejs-redis/web/Dockerfile
index 3d1b21f9..b47ee799 100644
--- a/nginx-nodejs-redis/web/Dockerfile
+++ b/nginx-nodejs-redis/web/Dockerfile
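Review bot: `ignore-scripts=true` switches off every lifecycle script, including the `postinstall`/`prepare` hooks that some legitimate dependencies use to build native addons or generate files, so each image touched by this patch needs a smoke test after the change, with a targeted `npm rebuild <pkg>` for the few packages that genuinely need a hook. The file carries no explanation that this is a deliberate supply-chain control, so the next maintainer who hits a broken dependency is likely to delete it; a header comment such as `# Supply-chain control: never run dependency lifecycle scripts (preinstall/install/postinstall/prepare) during install. Use npm rebuild <pkg> for the rare native addon that needs one.` keeps the intent attached to the setting. Note also that a project-level `.npmrc` governs only npm invocations whose working directory is the directory holding it (or one below it), so where it ends up relative to each sample's package.json decides whether it takes effect at all.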
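Review bot: `enableScripts: false` is a Yarn 2+ (Berry) setting read from `.yarnrc.yml`; Yarn 1 (classic), which the `node` base images ship unless Corepack or a `packageManager` field selects a newer release (neither is visible in this diff), reads `.yarnrc` and ignores this file, so the only Yarn consumer in the patch, `vuejs/vuejs/Dockerfile` with `RUN yarn install`, is probably not covered. Unless the repository pins Yarn Berry, the reliable form is the explicit flag in that Dockerfile, `RUN yarn install --frozen-lockfile --ignore-scripts`; a classic `.yarnrc` equivalent exists as well, but its key spelling should be confirmed against the Yarn 1 documentation before relying on it. A one-line comment, `# Yarn 2+ only: disable dependency lifecycle scripts (Yarn 1 reads .yarnrc, not this file)`, would document the scope of the setting.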
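Review bot: `COPY .npmrc .` and `COPY .yarnrc.yml .` resolve against the build context, but the two files are created at the repository root while this Dockerfile lives in `angular/angular/`; if the sample is built with its own directory as context (the usual `build:` layout for these compose samples, not visible in this diff), both files are outside the context and the build aborts at the COPY step instead of installing without the policy. The same pattern is repeated in every Dockerfile in this patch. Independently of the context, the `RUN npm install -g @angular/cli@13` that follows is a global-mode install, and npm skips the project-level `.npmrc` in global mode as far as I recall, so the CLI's dependency scripts would still run. A context-independent way to enforce the policy is to put it in the Dockerfile itself: `ENV npm_config_ignore_scripts=true` ahead of the install steps, or the explicit flags `RUN npm install -g --ignore-scripts @angular/cli@13` and `RUN npm ci --ignore-scripts`; the `npm ci` this hunk prepares for lies outside the hunk.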
@@ -3,6 +3,8 @@ FROM node:14.17.3-alpine3.14
 WORKDIR /usr/src/app
 COPY package.json package-lock.json ./
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY ./server.js ./
diff --git a/react-express-mongodb/backend/Dockerfile b/react-express-mongodb/backend/Dockerfile
index a4767ead..7dc00a88 100644
--- a/react-express-mongodb/backend/Dockerfile
+++ b/react-express-mongodb/backend/Dockerfile
@@ -7,6 +7,8 @@ WORKDIR /usr/src/app
 COPY package.json /usr/src/app/package.json
 COPY package-lock.json /usr/src/app/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /usr/src/app
diff --git a/react-express-mongodb/frontend/Dockerfile b/react-express-mongodb/frontend/Dockerfile
index d36d44b7..cab35860 100644
--- a/react-express-mongodb/frontend/Dockerfile
+++ b/react-express-mongodb/frontend/Dockerfile
@@ -14,6 +14,8 @@ COPY package-lock.json /usr/src/app
 #RUN npm set progress=false \
 # && npm config set depth 0 \
 # && npm i install
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 # Get all the code needed to run the app
diff --git a/react-express-mysql/backend/Dockerfile b/react-express-mysql/backend/Dockerfile
index 3863650d..97229c68 100755
--- a/react-express-mysql/backend/Dockerfile
+++ b/react-express-mysql/backend/Dockerfile
@@ -17,6 +17,8 @@ EXPOSE $PORT 9229 9230
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 # check every 30s to ensure this service returns HTTP 200
diff --git a/react-express-mysql/frontend/Dockerfile b/react-express-mysql/frontend/Dockerfile
index f491e2a8..2559d29d 100755
--- a/react-express-mysql/frontend/Dockerfile
+++ b/react-express-mysql/frontend/Dockerfile
@@ -8,6 +8,8 @@ ENV PORT=3000
 WORKDIR /code
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /code
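Review bot: `COPY .yarnrc.yml .` adds nothing to this image — the only installer here is `RUN npm ci`, which never reads a Yarn configuration — while it adds a second file that must be present in the build context or the build aborts before the install. Both new files are created at the repository root, not in `nginx-nodejs-redis/web/`, so whether either is in the context at all depends on how the sample is built, which this diff does not show. For an npm-only image the policy is simpler and context-independent as a flag on the install line, `RUN npm ci --ignore-scripts`, which lets both COPY lines go; if the root `.npmrc` is kept as the single source of truth instead, at least drop the Yarn file from the npm-only Dockerfiles. The same npm-only pattern recurs in the other Dockerfiles in this patch.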
diff --git a/react-java-mysql/frontend/Dockerfile b/react-java-mysql/frontend/Dockerfile
index d7a08a8a..aa72f2f6 100644
--- a/react-java-mysql/frontend/Dockerfile
+++ b/react-java-mysql/frontend/Dockerfile
@@ -6,6 +6,8 @@ WORKDIR /code
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /code
diff --git a/react-nginx/Dockerfile b/react-nginx/Dockerfile
index a494b012..3eeb5c55 100755
--- a/react-nginx/Dockerfile
+++ b/react-nginx/Dockerfile
@@ -11,6 +11,8 @@ COPY package.json /app/package.json
 COPY package-lock.json /app/package-lock.json
 # Same as npm install
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /app
diff --git a/react-rust-postgres/frontend/Dockerfile b/react-rust-postgres/frontend/Dockerfile
index a875a4da..54c750e7 100755
--- a/react-rust-postgres/frontend/Dockerfile
+++ b/react-rust-postgres/frontend/Dockerfile
@@ -7,6 +7,8 @@ ENV PORT=3000
 WORKDIR /code
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /code
diff --git a/vuejs/vuejs/Dockerfile b/vuejs/vuejs/Dockerfile
index 3f9cf5b2..45e15251 100755
--- a/vuejs/vuejs/Dockerfile
+++ b/vuejs/vuejs/Dockerfile
@@ -7,6 +7,8 @@ WORKDIR /project
 COPY . .
 RUN yarn global add @vue/cli
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN yarn install
 ENV HOST=0.0.0.0
 CMD ["yarn", "run", "serve"]
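Review bot: The two configuration files are copied after `RUN yarn global add @vue/cli`, so that install — which runs the lifecycle scripts of everything `@vue/cli` pulls in — executes before any ignore-scripts policy is in place, and the policy then covers only the `yarn install` below it. Because `COPY . .` two lines earlier already copies the whole context, the new COPY lines either duplicate files that are already present or, since both files were created at the repository root rather than in `vuejs/vuejs/`, fail because they are not in the context at all. Yarn 1 (classic), the default on `node` images unless Corepack is used (not visible here), also does not read `.yarnrc.yml`, so the `enableScripts: false` setting is unlikely to reach this build. The explicit flags are the reliable form and cover both steps: `RUN yarn global add --ignore-scripts @vue/cli` (if the installed Yarn accepts it on `global add`) and `RUN yarn install --frozen-lockfile --ignore-scripts`.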