diff --git a/.github/actions/.npmrc b/.github/actions/.npmrc
index d8324806f..0446fca08 100644
--- a/.github/actions/.npmrc
+++ b/.github/actions/.npmrc
@@ -1,2 +1,4 @@
 registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_PublicPackages/npm/registry/
-always-auth=true
\ No newline at end of file
+always-auth=true
+# Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust
+ignore-scripts=true
diff --git a/Extension/.npmrc b/Extension/.npmrc
index d8324806f..0446fca08 100644
--- a/Extension/.npmrc
+++ b/Extension/.npmrc
@@ -1,2 +1,4 @@
 registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_PublicPackages/npm/registry/
-always-auth=true
\ No newline at end of file
+always-auth=true
+# Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust
+ignore-scripts=true
diff --git a/ExtensionPack/.npmrc b/ExtensionPack/.npmrc
index d8324806f..0446fca08 100644
--- a/ExtensionPack/.npmrc
+++ b/ExtensionPack/.npmrc
@@ -1,2 +1,4 @@
 registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_PublicPackages/npm/registry/
-always-auth=true
\ No newline at end of file
+always-auth=true
+# Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust
+ignore-scripts=true
diff --git a/Themes/.npmrc b/Themes/.npmrc
index d8324806f..0446fca08 100644
--- a/Themes/.npmrc
+++ b/Themes/.npmrc
@@ -1,2 +1,4 @@
 registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_PublicPackages/npm/registry/
-always-auth=true
\ No newline at end of file
+always-auth=true
+# Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust
+ignore-scripts=true