From e5ae897ce3b21fd1d5cd51472422f1ab314de747 Mon Sep 17 00:00:00 2001
From: "securityeng-bot[bot]"
 <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Wed, 27 May 2026 15:38:17 +0000
Subject: [PATCH 1/3] ci: enforce ignore-scripts policy for Node package
 managers

---
 .npmrc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 00000000..97b895e2
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true

From 98dfc823b63bb80955bc4a749e654061713ab240 Mon Sep 17 00:00:00 2001
From: "securityeng-bot[bot]"
 <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Wed, 27 May 2026 15:38:18 +0000
Subject: [PATCH 2/3] ci: enforce ignore-scripts policy for Node package
 managers

---
 app/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Dockerfile b/app/Dockerfile
index 49d1ad47..56ba683e 100644
--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -24,6 +24,7 @@ RUN --mount=type=bind,source=package.json,target=package.json \
     npm ci --include=dev
 
 # install nodemon for hot-reloading
+COPY .npmrc .
 RUN npm install -g nodemon
 
 # Copy the rest of the source files into the image.

From 5f057bac93867998bc9069926a94e8ee87a2c723 Mon Sep 17 00:00:00 2001
From: Docker Agent <agent@docker.com>
Date: Wed, 27 May 2026 17:28:07 +0000
Subject: [PATCH 3/3] fix: move .npmrc into Docker build context directory

---
 .npmrc => app/.npmrc | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .npmrc => app/.npmrc (100%)

diff --git a/.npmrc b/app/.npmrc
similarity index 100%
rename from .npmrc
rename to app/.npmrc