From 919aaec3592677243a3af7a73794f267dd029ae7 Mon Sep 17 00:00:00 2001
From: "securityeng-bot[bot]"
 <219863240+securityeng-bot[bot]@users.noreply.github.com>
Date: Mon, 15 Jun 2026 14:21:47 +0000
Subject: [PATCH] fix: use lockfile-aware install commands

---
 .github/workflows/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 0bcdabf85..f47aa5943 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -21,7 +21,7 @@ jobs:
 
       # Working around https://github.com/npm/cli/issues/4828
       # - run: npm ci
-      - run: npm install --no-package-lock
+      - run: npm ci --no-package-lock
       - run: npm run build
 
   publish:
@@ -44,7 +44,7 @@ jobs:
 
       # Working around https://github.com/npm/cli/issues/4828
       # - run: npm ci
-      - run: npm install --no-package-lock
+      - run: npm ci --no-package-lock
 
       # TODO: Add --provenance once the repo is public
       - run: npm run publish-all