# Supply chain protection: do not run lifecycle scripts (preinstall, install,
# postinstall) on npm install. Blocks worms like "Shai-Hulud" from executing
# on a compromised dependency before we notice. If a package genuinely needs
# its install script, use @lavamoat/allow-scripts to allowlist it.
ignore-scripts=true
