From 2a59cba59b51731ba68b5aa012083413652e09f9 Mon Sep 17 00:00:00 2001
From: Karan Shah <64479353+karanshah-browserstack@users.noreply.github.com>
Date: Thu, 11 Jun 2026 11:48:52 +0530
Subject: [PATCH] Add hardened .npmrc for supply-chain security

Co-Authored-By: Claude Fable 5
---
.npmrc | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..65ed4d9
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1,7 @@
+# Supply-chain hardening directives
+ignore-scripts=true
+strict-ssl=true
+save-exact=true
+# engine-strict=true # disabled: hard-fails `npm ci` on Node 18.20.7 — the repo overrides field pins serialize-javascript@7.0.5 (engines node>=20.0.0), which breaks Cypress-14-supported Node 18. Re-enable only after the serialize-javascript override is constrained to a Node-18-compatible line or Node 18 is officially dropped.
+legacy-peer-deps=false
+audit-level=high
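Review bot: `ignore-scripts=true` is added without a note on what it turns off: it skips install-time lifecycle scripts for every dependency, and also the pre/post hooks around this repo's own `npm run` scripts. The engine-strict comment suggests the project uses Cypress, whose binary is normally downloaded by a postinstall script, so a clean `npm ci` would presumably leave it missing. I would add a comment above that line such as `# ignore-scripts: dependency install scripts and our own pre/post hooks do not run; CI must call "npx cypress install" explicitly`. Separately, `audit-level=high` only sets the severity at which `npm audit` exits non-zero, so it enforces nothing unless a pipeline step actually runs `npm audit`, and moderate findings will pass silently; the header comment should say which job relies on it.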