mirror of
https://github.com/astral-sh/setup-uv.git
synced 2025-12-25 11:04:24 +00:00
chore: use npm ci --ignore-scripts everywhere (#699)
Like https://github.com/astral-sh/ruff-action/pull/276 🙂 This also adds cooldown stanzas to the Dependabot updater rules: this ensures that we only receive dependency bumps once they're at least a week old, which should reduce the window of opportunity for an attacker who temporarily compromises popular packages (like with "Shai-Hulud" last week). Signed-off-by: William Woodruff <william@astral.sh>
This commit is contained in:
William Woodruff
4
.github/copilot-instructions.md
vendored
4
.github/copilot-instructions.md
vendored
@@ -59,7 +59,7 @@ src/
|
||||
#### 1. Install Dependencies
|
||||
|
||||
```bash
|
||||
npm install
|
||||
npm ci --ignore-scripts
|
||||
```
|
||||
|
||||
**Timing**: ~20-30 seconds
|
||||
@@ -236,7 +236,7 @@ This file is the authoritative source for understanding available action paramet
|
||||
|
||||
### Build Failures
|
||||
|
||||
- **"Module not found"**: Run `npm install` to ensure dependencies are installed
|
||||
- **"Module not found"**: Run `npm ci --ignore-scripts` to ensure dependencies are installed
|
||||
- **TypeScript errors**: Check `tsconfig.json` and ensure all imports are valid
|
||||
- **Test failures**: Check if test fixtures have been modified or if logic changes broke assumptions
|
||||
|
||||
|
||||
Reference in New Issue
Block a user