Node-Red
/
node-red
mirror of https://github.com/node-red/node-red.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
node-red/.github
History
Dimitrie Hoekstra 3df161c3bc
Add package-lock.json for reproducible dependency chains 
- Remove package-lock.json from .gitignore
- Add validated package-lock.json (Node 20, 1003 packages)
- Update CI workflow to use npm ci instead of npm install
- Update README development instructions to use npm ci

This ensures all developers and CI get identical dependency trees,
protecting against npm supply chain attacks where compromised patch
versions could automatically propagate through semver ranges.

Closes #5424
 		2026-01-07 16:15:12 +01:00
..
ISSUE_TEMPLATE Fix another typo in issue template 2021-07-16 12:34:54 +01:00
scripts Extend release action to update website 2020-07-10 21:46:00 +01:00
workflows Add package-lock.json for reproducible dependency chains 2026-01-07 16:15:12 +01:00
PULL_REQUEST_TEMPLATE.md github: Request `npm run test` in PR template 2023-09-17 08:38:10 +02:00
dependabot.yml Add dependabot for GH Action workflows 2023-09-05 14:11:08 +02:00