From cb2138bf689e38967ce739ad1e3a134056144c86 Mon Sep 17 00:00:00 2001
From: dbutts29 <darren.butts@rollbar.com>
Date: Tue, 9 Jun 2026 14:34:00 -0700
Subject: [PATCH] Add .npmrc with ignore-scripts=true to block dependency
 install hooks

Prevents npm from auto-running dependency lifecycle scripts (preinstall/install/postinstall) on install, mitigating the Miasma/Shai-Hulud npm supply-chain worm class.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .npmrc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..97b895e
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true