Copied from frequency issue ### Feature Description ## Details Some supply chain attacks are using `postinstall` scripts in the CI to infect dev machines. # AC - [ ] make sure gateway does not depend on any of `preinstall`, `install`, `postinstall` in its packages - [ ] replace `npm install` with `npm install --ignore-scripts` in all github actions and make files or other scripts - [ ] replace `npm ci` with `npm ci --ignore-scripts` in all github actions and make files or other scripts
Copied from frequency issue
Feature Description
Details
Some supply chain attacks are using
postinstallscripts in the CI to infect dev machines.AC
preinstall,install,postinstallin its packagesnpm installwithnpm install --ignore-scriptsin all github actions and make files or other scriptsnpm ciwithnpm ci --ignore-scriptsin all github actions and make files or other scripts