From 8ded149643ef0ba21fce5a5d39894b39fff6c7ee Mon Sep 17 00:00:00 2001 
From: "securityeng-bot[bot]" <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Fri, 5 Jun 2026 09:23:18 -0400
Subject: [PATCH] ci: add ignore-scripts to Node package manager config (20260527-153132)

Adds ignore-scripts=true (.npmrc) and enableScripts: false (.yarnrc.yml) to all Node.js Dockerfiles to prevent supply-chain attacks via postinstall scripts.
---
angular/angular/.npmrc | 1 +
angular/angular/.yarnrc.yml | 1 +
nginx-nodejs-redis/web/.npmrc | 1 +
nginx-nodejs-redis/web/.yarnrc.yml | 1 +
react-express-mongodb/backend/.npmrc | 1 +
react-express-mongodb/backend/.yarnrc.yml | 1 +
react-express-mongodb/frontend/.npmrc | 1 +
react-express-mongodb/frontend/.yarnrc.yml | 1 +
react-express-mysql/backend/.npmrc | 1 +
react-express-mysql/backend/.yarnrc.yml | 1 +
react-express-mysql/frontend/.npmrc | 1 +
react-express-mysql/frontend/.yarnrc.yml | 1 +
react-java-mysql/frontend/.npmrc | 1 +
react-java-mysql/frontend/.yarnrc.yml | 1 +
react-nginx/.npmrc | 1 +
react-nginx/.yarnrc.yml | 1 +
react-rust-postgres/frontend/.npmrc | 1 +
react-rust-postgres/frontend/.yarnrc.yml | 1 +
vuejs/vuejs/.npmrc | 1 +
vuejs/vuejs/.yarnrc.yml | 1 +
20 files changed, 20 insertions(+)
create mode 100644 angular/angular/.npmrc
create mode 100644 angular/angular/.yarnrc.yml
create mode 100644 nginx-nodejs-redis/web/.npmrc
create mode 100644 nginx-nodejs-redis/web/.yarnrc.yml
create mode 100644 react-express-mongodb/backend/.npmrc
create mode 100644 react-express-mongodb/backend/.yarnrc.yml
create mode 100644 react-express-mongodb/frontend/.npmrc
create mode 100644 react-express-mongodb/frontend/.yarnrc.yml
create mode 100644 react-express-mysql/backend/.npmrc
create mode 100644 react-express-mysql/backend/.yarnrc.yml
create mode 100644 react-express-mysql/frontend/.npmrc
create mode 100644 react-express-mysql/frontend/.yarnrc.yml
create mode 100644 react-java-mysql/frontend/.npmrc
create mode 100644 react-java-mysql/frontend/.yarnrc.yml
create mode 100644 react-nginx/.npmrc
create mode 100644 react-nginx/.yarnrc.yml
create mode 100644 react-rust-postgres/frontend/.npmrc
create mode 100644 react-rust-postgres/frontend/.yarnrc.yml
create mode 100644 vuejs/vuejs/.npmrc
create mode 100644 vuejs/vuejs/.yarnrc.yml

diff --git a/angular/angular/.npmrc b/angular/angular/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/angular/angular/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/angular/angular/.yarnrc.yml b/angular/angular/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/angular/angular/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/nginx-nodejs-redis/web/.npmrc b/nginx-nodejs-redis/web/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/nginx-nodejs-redis/web/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/nginx-nodejs-redis/web/.yarnrc.yml b/nginx-nodejs-redis/web/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/nginx-nodejs-redis/web/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/react-express-mongodb/backend/.npmrc b/react-express-mongodb/backend/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/react-express-mongodb/backend/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/react-express-mongodb/backend/.yarnrc.yml b/react-express-mongodb/backend/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/react-express-mongodb/backend/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/react-express-mongodb/frontend/.npmrc b/react-express-mongodb/frontend/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/react-express-mongodb/frontend/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/react-express-mongodb/frontend/.yarnrc.yml b/react-express-mongodb/frontend/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/react-express-mongodb/frontend/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
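Review bot: The new `angular/angular/.npmrc` takes effect in an image build only if the Dockerfile copies it into the working directory before `npm install` or `npm ci` runs, and this patch touches no Dockerfile (the diffstat lists only the 20 config files). If a Dockerfile copies just `package.json` and the lockfile ahead of the install step, which is a common layout, the install inside the image would still run lifecycle scripts; the copy line would need to include the file, e.g. `COPY package.json package-lock.json .npmrc ./`, and `.dockerignore` must not exclude it. `ignore-scripts=true` also skips install scripts that some dependencies rely on (native add-ons, for example), so each image should be rebuilt and tested, and a comment such as `# lifecycle scripts disabled; packages that need one must be rebuilt explicitly` would tell the next maintainer why an install step looks incomplete. The same applies to the other nine `.npmrc` files in this patch.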
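Review bot: `enableScripts` in `angular/angular/.yarnrc.yml` is read only by Yarn 2 and later; Yarn 1.x takes its settings from `.yarnrc` and ignores this file. If the images install with Yarn 1.x, which the official Node base images typically bundle (the Dockerfiles are not visible in this patch), the file changes nothing and the install step would need `yarn install --ignore-scripts` instead. Where Yarn 2+ is used, the setting blocks only third-party packages' postinstall scripts, and the file still has to be copied into the image before the install step. The same applies to the other nine `.yarnrc.yml` files in this patch.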
diff --git a/react-express-mysql/backend/.npmrc b/react-express-mysql/backend/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/react-express-mysql/backend/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/react-express-mysql/backend/.yarnrc.yml b/react-express-mysql/backend/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/react-express-mysql/backend/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/react-express-mysql/frontend/.npmrc b/react-express-mysql/frontend/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/react-express-mysql/frontend/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/react-express-mysql/frontend/.yarnrc.yml b/react-express-mysql/frontend/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/react-express-mysql/frontend/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/react-java-mysql/frontend/.npmrc b/react-java-mysql/frontend/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/react-java-mysql/frontend/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/react-java-mysql/frontend/.yarnrc.yml b/react-java-mysql/frontend/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/react-java-mysql/frontend/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/react-nginx/.npmrc b/react-nginx/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/react-nginx/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/react-nginx/.yarnrc.yml b/react-nginx/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/react-nginx/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/react-rust-postgres/frontend/.npmrc b/react-rust-postgres/frontend/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/react-rust-postgres/frontend/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/react-rust-postgres/frontend/.yarnrc.yml b/react-rust-postgres/frontend/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/react-rust-postgres/frontend/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false
diff --git a/vuejs/vuejs/.npmrc b/vuejs/vuejs/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/vuejs/vuejs/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/vuejs/vuejs/.yarnrc.yml b/vuejs/vuejs/.yarnrc.yml
new file mode 100644
index 00000000..1e5671ce
--- /dev/null
+++ b/vuejs/vuejs/.yarnrc.yml
@@ -0,0 +1 @@
+enableScripts: false