
ci: add ignore-scripts to Node package manager config (20260526-184008) (#748)

* ci: enforce ignore-scripts policy for Node package managers

---------

Co-authored-by: securityeng-bot[bot] <219863240+securityeng-bot[bot]@users.noreply.github.com>
securityeng-bot[bot] 3 недель назад
Родитель
Сommit
662dfc07d1

+ 1 - 0
.npmrc

@@ -0,0 +1 @@
+ignore-scripts=true
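Review bot: This one-line file needs a comment, because `ignore-scripts=true` changes more than package installation. Per npm's documentation, `npm start`, `npm test` and `npm run` still run the named script but skip its pre- and post-scripts, and dependencies that compile or fetch binaries in an install script are left unbuilt. The Dockerfiles in this commit copy the file into the image's working directory, so this also holds inside any container that is started through npm. I would add above the setting: `; Lifecycle scripts are disabled as supply-chain hardening. Packages that need an install script must be rebuilt explicitly.`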

+ 1 - 0
.yarnrc.yml

@@ -0,0 +1 @@
+enableScripts: false
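Review bot: `enableScripts` in `.yarnrc.yml` is only read by Yarn 2 and later; Yarn 1.x takes its configuration from `.yarnrc` and ignores this file. The only Yarn consumer in this commit is vuejs/vuejs/Dockerfile, which calls `yarn global add`, a command that exists only in Yarn 1.x, so the setting probably has no effect there. Please confirm the Yarn version in that image, and record the scope in the file itself with a comment such as `# Yarn 2+ only; Yarn 1.x does not read this file`.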

+ 2 - 0
angular/angular/Dockerfile

@@ -5,6 +5,8 @@ FROM --platform=$BUILDPLATFORM node:17.0.1-bullseye-slim as builder
 RUN mkdir /project
 WORKDIR /project
 
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm install -g @angular/cli@13
 
 COPY package.json package-lock.json ./
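Review bot: `RUN npm install -g @angular/cli@13` is not covered by the `.npmrc` copied just above it. npm does not read the per-project `.npmrc` in global mode, so install scripts of `@angular/cli` and its dependencies still run in this step. State the policy on the command instead, `RUN npm install -g --ignore-scripts @angular/cli@13`, and move the two `COPY` lines down beside `COPY package.json package-lock.json ./`, where they apply to the project install and no longer invalidate the cached CLI layer when they change. The rest of the builder stage, including the project install, lies outside the hunk.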

+ 2 - 0
nginx-nodejs-redis/web/Dockerfile

@@ -3,6 +3,8 @@ FROM node:14.17.3-alpine3.14
 WORKDIR /usr/src/app
 
 COPY package.json package-lock.json ./
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY ./server.js ./
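Review bot: `COPY .npmrc .` and `COPY .yarnrc.yml .` are resolved against the build context, but this commit adds both files only at the repository root, while this Dockerfile lives in `nginx-nodejs-redis/web/`. If the image is built with that directory as its context (the compose files are not shown here), the files are missing from the context and the build stops at the first of these `COPY` lines. Either build from the repository root or commit a copy of the config next to each `package.json`. The same applies to the added `COPY` lines in every other Dockerfile section of this commit. Only `npm ci` is visible in this file, so `COPY .yarnrc.yml .` looks unnecessary here.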
 

+ 2 - 0
react-express-mongodb/backend/Dockerfile

@@ -7,6 +7,8 @@ WORKDIR /usr/src/app
 
 COPY package.json /usr/src/app/package.json
 COPY package-lock.json /usr/src/app/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 
 COPY . /usr/src/app

+ 2 - 0
react-express-mongodb/frontend/Dockerfile

@@ -14,6 +14,8 @@ COPY package-lock.json /usr/src/app
 #RUN npm set progress=false \
 #    && npm config set depth 0 \
 #    && npm i install
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 
 # Get all the code needed to run the app

+ 2 - 0
react-express-mysql/backend/Dockerfile

@@ -17,6 +17,8 @@ EXPOSE $PORT 9229 9230
 
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 
 # check every 30s to ensure this service returns HTTP 200

+ 2 - 0
react-express-mysql/frontend/Dockerfile

@@ -8,6 +8,8 @@ ENV PORT=3000
 WORKDIR /code
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /code
 

+ 2 - 0
react-java-mysql/frontend/Dockerfile

@@ -6,6 +6,8 @@ WORKDIR /code
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
 
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /code
 

+ 2 - 0
react-nginx/Dockerfile

@@ -11,6 +11,8 @@ COPY package.json /app/package.json
 COPY package-lock.json /app/package-lock.json
 
 # Same as npm install
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 
 COPY . /app

+ 2 - 0
react-rust-postgres/frontend/Dockerfile

@@ -7,6 +7,8 @@ ENV PORT=3000
 WORKDIR /code
 COPY package.json /code/package.json
 COPY package-lock.json /code/package-lock.json
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN npm ci
 COPY . /code
 

+ 2 - 0
vuejs/vuejs/Dockerfile

@@ -7,6 +7,8 @@ WORKDIR /project
 COPY . .
 
 RUN yarn global add @vue/cli
+COPY .npmrc .
+COPY .yarnrc.yml .
 RUN yarn install
 ENV HOST=0.0.0.0
 CMD ["yarn", "run", "serve"]
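Review bot: Neither added `COPY` line changes what Yarn does in this stage. `COPY . .` at the top of the hunk has already copied the whole build context into /project before `RUN yarn global add @vue/cli`, so the two files are either already present or absent from the context, and in the latter case the new lines fail the build. `yarn global` exists only in Yarn 1.x, which does not read `.yarnrc.yml`, so the policy is more reliably stated on the commands themselves: `RUN yarn global add --ignore-scripts @vue/cli` and `RUN yarn install --ignore-scripts`. The start of the stage, including the base image, is outside the hunk.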