From de1600c08e861e3974a75998f65152c434255fe7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Thu, 9 Apr 2026 20:07:17 +0200
Subject: [PATCH] fix(security): run npm ci with --ignore-scripts to avoid
 malicious scripts

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1b96c72..05c908d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,7 +35,7 @@ jobs:
           scope: "@auth0"
 
       - name: Install dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       - name: Validate Commits Messages
         if: github.event_name == 'pull_request'