### Feature Description ## Details Some supply chain attacks are using `postinstall` scripts in the CI to infect dev machines. # AC - [x] make sure we are not depended on any of `preinstall`, `install`, `postinstall` in our packages - [x] replace `npm install` with `npm install --ignore-scripts` in all github actions and make files or other scripts - [x] replace `npm ci` with `npm ci --ignore-scripts` in all github actions and make files or other scripts ### Searched for Related Issues - [x] I have done a search for related issues and either found none, or noted them
Feature Description
Details
Some supply chain attacks are using
postinstallscripts in the CI to infect dev machines.AC
preinstall,install,postinstallin our packagesnpm installwithnpm install --ignore-scriptsin all github actions and make files or other scriptsnpm ciwithnpm ci --ignore-scriptsin all github actions and make files or other scriptsSearched for Related Issues