[TT-16966][TT-16971] fix: backport #7995 — fix tslib and npm ci in ci/tests/specs #8065
probelabs / Visor: security
succeeded
Apr 17, 2026 in 24s
✅ Check Passed (Warnings Found)
security check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🔍 Failure Condition Results
Passed Conditions
- global_fail_if: Condition passed
Issues by Category
Security (1)
⚠️ ci/tests/specs/Taskfile.yml:15 - The `npm ci` command executes lifecycle scripts from dependencies by default. The previous command, `npm install --ignore-scripts`, explicitly disabled this, which is a security best practice to mitigate supply-chain attacks. Re-enabling scripts by default introduces a potential risk, as a compromised dependency could execute malicious code during the CI build process.
Powered by Visor from Probelabs
Annotations
Check warning on line 15 in ci/tests/specs/Taskfile.yml
security Issue
The `npm ci` command executes lifecycle scripts from dependencies by default. The previous command, `npm install --ignore-scripts`, explicitly disabled this, which is a security best practice to mitigate supply-chain attacks. Re-enabling scripts by default introduces a potential risk, as a compromised dependency could execute malicious code during the CI build process.
Raw output
To maintain the previous security posture and adhere to the principle of least privilege, add the `--ignore-scripts` flag to the `npm ci` command. This should only be omitted if a dependency is known to require scripts for installation.