From d3bce29e7ab01b698b7b087a20f23da4ed9d7d98 Mon Sep 17 00:00:00 2001
From: Andrew Shu <talklittle@gmail.com>
Date: Mon, 15 Dec 2025 22:56:58 -0800
Subject: [PATCH] Disable auto run of NPM package install scripts for security

---
 ansible/roles/nodejs/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ansible/roles/nodejs/tasks/main.yml b/ansible/roles/nodejs/tasks/main.yml
index a443fce..0939a62 100644
--- a/ansible/roles/nodejs/tasks/main.yml
+++ b/ansible/roles/nodejs/tasks/main.yml
@@ -18,3 +18,5 @@
     # --no-bin-links option is needed to prevent npm from creating symlinks in the .bin
     # directory, which doesn't work inside Vagrant on Windows
     no_bin_links: true
+    # Disable automatic running of package install scripts, for security
+    ignore_scripts: true