Disable npm install scripts#3946
Merged
Merged
Conversation
Collaborator
martincostello
commented
May 12, 2026
martincostello
commented
- Disable npm install scripts.
- Force the registry to be npm.
- Disable npm install scripts. - Force the registry to be npm.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #3946 +/- ##
=======================================
Coverage 95.04% 95.04%
=======================================
Files 111 111
Lines 3958 3958
Branches 801 801
=======================================
Hits 3762 3762
Misses 196 196
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR aims to harden the repo’s Node dependency installation used to build the embedded SwaggerUI/ReDoc assets by (1) disabling npm lifecycle scripts and (2) forcing installs to use the public npm registry.
Changes:
- Add per-package npm configuration to force
registry=https://registry.npmjs.organd disable install scripts. - Update npm lockfiles to align resolved tarball URLs with
registry.npmjs.org.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
src/Swashbuckle.AspNetCore.SwaggerUI/.npmrc |
Adds npm config to force npm registry and disable lifecycle scripts (but filename appears to include an invisible Unicode character). |
src/Swashbuckle.AspNetCore.ReDoc/.npmrc |
Adds npm config to force npm registry and disable lifecycle scripts (but filename appears to include an invisible Unicode character). |
src/Swashbuckle.AspNetCore.SwaggerUI/package-lock.json |
Lockfile resolved URLs point at https://registry.npmjs.org/.... |
src/Swashbuckle.AspNetCore.ReDoc/package-lock.json |
Lockfile resolved URLs point at https://registry.npmjs.org/.... |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This was referenced May 30, 2026
Open
Bump Swashbuckle.AspNetCore from 5.6.3 to 10.2.0
ShetyeRupa/skills-secure-repository-supply-chain#12
Closed
Open
Ghostdog02
pushed a commit
to Ghostdog02/Lexiq
that referenced
this pull request
Jun 2, 2026
Updated [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 18.5.1 to 18.6.0. <details> <summary>Release notes</summary> _Sourced from [Microsoft.NET.Test.Sdk's releases](https://github.com/microsoft/vstest/releases)._ ## 18.6.0 ## What's Changed * Revert removal of Video Recorder by @nohwnd in microsoft/vstest#15336 * Speed up blame by filtering non-.NET processes from dump collection by @nohwnd in microsoft/vstest#15518 * Add README.md to NuGet packages by @nohwnd in microsoft/vstest#15550 * Report child process info on connection timeout by @nohwnd in microsoft/vstest#15603 ### Changes to tests and infra * Brand as 18.6 by @nohwnd in microsoft/vstest#15423 * Upgrading code coverage version to 18.5.1, by @fhnaseer in microsoft/vstest#15422 * Updating System.Collections.Immutable to 9.0.11 by @MSLukeWest in microsoft/vstest#15425 * Fix attachVS when used for debugging integration tests by @nohwnd in microsoft/vstest#15451 * Replace dotnet.config, with global.json by @nohwnd in microsoft/vstest#15449 * Document debugging integration tests with AttachVS by @Copilot in microsoft/vstest#15452 * Fix stack overflow tests by @nohwnd in microsoft/vstest#15461 * Make TestAssets.sln buildable locally by @Youssef1313 in microsoft/vstest#15466 * Try filtering out tests by @nohwnd in microsoft/vstest#15463 * Build just once when tfms run in parallel by @nohwnd in microsoft/vstest#15465 * Review simplify compatibility sources, deduplicate tests by @nohwnd in microsoft/vstest#15472 * Cleanup dead TRX code by @Youssef1313 in microsoft/vstest#15474 * Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @nohwnd in microsoft/vstest#15481 * Compat matrix checker by @nohwnd in microsoft/vstest#15480 * Add trx analysis skill by @nohwnd in microsoft/vstest#15486 * Split integration tests to single tfm and multi tfm project by @nohwnd in microsoft/vstest#15484 * Update matrix by @nohwnd in microsoft/vstest#15477 * Break infinite restore loop in VS by @nohwnd in microsoft/vstest#15503 * Use global package cache for build, and local for running integration tests by @nohwnd in microsoft/vstest#15500 * Update contributing by @nohwnd in microsoft/vstest#15505 * Reduce test wall-clock time by increasing minThreads by @drognanar in microsoft/vstest#15502 * Indicator flakiness by @nohwnd in microsoft/vstest#15513 * Fix ci build by @nohwnd in microsoft/vstest#15515 * Fix thread safety issues by @Evangelink in microsoft/vstest#15512 * Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by @nohwnd in microsoft/vstest#15516 * Build isolated test assets for single TFM instead of 7 by @nohwnd in microsoft/vstest#15517 * Remove unused dependencies from Library.IntegrationTests by @nohwnd in microsoft/vstest#15527 * Remove printing _attachments content to console by @nohwnd in microsoft/vstest#15520 * Add Linux/macOS test filtering guide to CONTRIBUTING.md by @nohwnd in microsoft/vstest#15521 * Change integration test parallelization from ClassLevel to MethodLevel by @nohwnd in microsoft/vstest#15526 * Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by @nohwnd in microsoft/vstest#15523 * Add unattended work instructions to copilot-instructions.md by @nohwnd in microsoft/vstest#15531 * Reduce code style rule severity from warning to suggestion by @nohwnd in microsoft/vstest#15522 * Remove Debug/Release line number branching from tests by @nohwnd in microsoft/vstest#15519 * Revise unattended work instructions in copilot-instructions.md by @nohwnd in microsoft/vstest#15532 * Improve CompatibilityRowsBuilder error message with diagnostic details by @nohwnd in microsoft/vstest#15529 * docs: add git worktree and upstream sync workflow to copilot-instructions.md by @nohwnd in microsoft/vstest#15538 * Add VSIX runner to smoke tests by @nohwnd in microsoft/vstest#15541 * Remove deprecated WebTest and TMI test methods by @nohwnd in microsoft/vstest#15525 * Fix compatibility test failures for legacy vstest.console and MSTest adapter by @nohwnd in microsoft/vstest#15534 * Convert TestPlatform.sln to slnx format by @nohwnd in microsoft/vstest#15551 * Convert test/TestAssets .sln files to .slnx format by @nohwnd in microsoft/vstest#15557 ... (truncated) Commits viewable in [compare view](microsoft/vstest@v18.5.1...v18.6.0). </details> Updated [Swashbuckle.AspNetCore](https://github.com/domaindrivendev/Swashbuckle.AspNetCore) from 10.1.7 to 10.2.1. <details> <summary>Release notes</summary> _Sourced from [Swashbuckle.AspNetCore's releases](https://github.com/domaindrivendev/Swashbuckle.AspNetCore/releases)._ ## 10.2.1 ## What's Changed * Update Microsoft.OpenApi to 2.7.5 to pick up fix for GHSA-v5pm-xwqc-g5wc by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3974 **Full Changelog**: domaindrivendev/Swashbuckle.AspNetCore@v10.2.0...v10.2.1 ## 10.2.0 ## What's Changed * Add `MapSwaggerUI` and `MapReDoc` to support endpoint routing by @Strepto in domaindrivendev/Swashbuckle.AspNetCore#3822 * Bump version to 10.2.0 by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3872 * Bump swagger-ui-dist from 5.32.1 to 5.32.2 by @dependabot in domaindrivendev/Swashbuckle.AspNetCore#3883 * Support `HEAD` requests by @snebjorn in domaindrivendev/Swashbuckle.AspNetCore#3887 * Use `IAsyncSwaggerProvider` in CLI `tofile` command by @bt-Knodel in domaindrivendev/Swashbuckle.AspNetCore#3910 * Pin runner images by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3944 * Disable npm install scripts by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3946 * Bump redoc from 2.5.2 to 2.5.3 by @dependabot in domaindrivendev/Swashbuckle.AspNetCore#3967 ## New Contributors * @Strepto made their first contribution in domaindrivendev/Swashbuckle.AspNetCore#3822 * @snebjorn made their first contribution in domaindrivendev/Swashbuckle.AspNetCore#3887 * @bt-Knodel made their first contribution in domaindrivendev/Swashbuckle.AspNetCore#3910 **Full Changelog**: domaindrivendev/Swashbuckle.AspNetCore@v10.1.7...v10.2.0 Commits viewable in [compare view](domaindrivendev/Swashbuckle.AspNetCore@v10.1.7...v10.2.1). </details> Updated [Swashbuckle.AspNetCore.SwaggerUI](https://github.com/domaindrivendev/Swashbuckle.AspNetCore) from 10.1.7 to 10.2.1. <details> <summary>Release notes</summary> _Sourced from [Swashbuckle.AspNetCore.SwaggerUI's releases](https://github.com/domaindrivendev/Swashbuckle.AspNetCore/releases)._ ## 10.2.1 ## What's Changed * Update Microsoft.OpenApi to 2.7.5 to pick up fix for GHSA-v5pm-xwqc-g5wc by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3974 **Full Changelog**: domaindrivendev/Swashbuckle.AspNetCore@v10.2.0...v10.2.1 ## 10.2.0 ## What's Changed * Add `MapSwaggerUI` and `MapReDoc` to support endpoint routing by @Strepto in domaindrivendev/Swashbuckle.AspNetCore#3822 * Bump version to 10.2.0 by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3872 * Bump swagger-ui-dist from 5.32.1 to 5.32.2 by @dependabot in domaindrivendev/Swashbuckle.AspNetCore#3883 * Support `HEAD` requests by @snebjorn in domaindrivendev/Swashbuckle.AspNetCore#3887 * Use `IAsyncSwaggerProvider` in CLI `tofile` command by @bt-Knodel in domaindrivendev/Swashbuckle.AspNetCore#3910 * Pin runner images by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3944 * Disable npm install scripts by @martincostello in domaindrivendev/Swashbuckle.AspNetCore#3946 * Bump redoc from 2.5.2 to 2.5.3 by @dependabot in domaindrivendev/Swashbuckle.AspNetCore#3967 ## New Contributors * @Strepto made their first contribution in domaindrivendev/Swashbuckle.AspNetCore#3822 * @snebjorn made their first contribution in domaindrivendev/Swashbuckle.AspNetCore#3887 * @bt-Knodel made their first contribution in domaindrivendev/Swashbuckle.AspNetCore#3910 **Full Changelog**: domaindrivendev/Swashbuckle.AspNetCore@v10.1.7...v10.2.0 Commits viewable in [compare view](domaindrivendev/Swashbuckle.AspNetCore@v10.1.7...v10.2.1). </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This was referenced Jun 2, 2026
Open
Open
Open
Open
Bump Swashbuckle.AspNetCore from 5.6.3 to 10.2.1
Chris-tiee/skills-secure-repository-supply-chain#12
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.