Harden NPM install and updates

## Story

As developer, I want our CI process to be as safe as possible - particularly, it should not be possible to harvest credentials via infected NPM packages.

## Acceptance criteria

- [x] We run `npm install` with disabled scripts.  
  https://github.com/TYPO3BestPractices/tea/pull/1952
- [x] We run `npm ci` instead of `npm install`.
- [x] For NPM, dependabot will only provides updates for packages that are at least 3 weeks old.  
  https://github.com/TYPO3BestPractices/tea/pull/1953

## Additional information

https://snyk.io/de/articles/npm-security-best-practices-shai-hulud-attack/


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Harden NPM install and updates #1918

Story

Acceptance criteria

Additional information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Harden NPM install and updates #1918

Description

Story

Acceptance criteria

Additional information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions