From a2f2cd620838f12c3d5530bbaf6ac2becdf30a93 Mon Sep 17 00:00:00 2001
From: dbutts29 <darren.butts@rollbar.com>
Date: Tue, 9 Jun 2026 14:04:41 -0700
Subject: [PATCH] Add .npmrc with ignore-scripts=true to block dependency
 install hooks

Prevents npm from auto-running dependency lifecycle scripts
(preinstall/install/postinstall) on install, mitigating the
Miasma/Shai-Hulud npm supply-chain worm class.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .npmrc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..97b895e
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true