Intro Your CI pipeline installs dependencies far more often than any developer’s laptop. That frequency makes it the biggest npm attack surface. I recently saw the Bitwarden breach where a hijacked GitHub Action pulled a malicious CLI for 90 minutes and harvested every credential on the runner. Below is the exact 5‑layer playbook we dog‑fooded at ShipWithAI to stop that. Most CI configs still look like this: - uses: actions/checkout@v4 # mutable tag - uses: actions/setup-node@v4 # mutable tag - run: npm install # silent version bumps - run: npm publish # uses stored NPM_TOKEN The red flags are obvious: mutable tags, npm install, long‑lived tokens, no lockfile validation, and no dependency review. Each one is a foothold for an attacker. npm ci npm ci installs only from the lockfile and fails on any mismatch. It also wipes node_modules first, guaranteeing a clean slate. Replace every npm install with: - name: Install deps run: npm ci --ignore-scripts Commit a project‑level .npmrc with ignore-scripts=true, save-exact=true, and audit-level=moderate so every runner inherits the same defaults. Add lockfile-lint to the workflow: - name: Lint lockfile run: npx lockfile-lint --allowed-hosts npmjs.com --validate-https This blocks PRs that tamper with the lockfile source URLs. GitHub’s dependency-review-action flags new or changed dependencies before merge: - name: Dependency review uses: github/dependency-review-action@v2 with: allow-scope: runtime,development Instead of actions/setup-node@v4, use the exact SHA of the release you’ve vetted: - uses: actions/setup-node@d3b0c5f... If a tag gets hijacked, your workflow stays on the trusted commit. Replace static NPM_TOKEN secrets with OIDC tokens: - name: Publish uses: npm/publish-action@v2 with: token-type: oidc GitHub issues a short‑lived token that expires with the job, eliminating long‑lived credential leakage. Switching to npm ci alone caught three silent version bumps in the first week. Adding the full stack stopped a malicious lockfile PR from ever reaching merge and removed the need to store a permanent NPM token. Deterministic installs (npm ci) are non‑negotiable for CI. Validate lockfiles before they touch the runner. Review deps on every PR. Pin actions to immutable SHAs. Publish with OIDC to avoid static secrets. These five layers are easy to copy‑paste into any repo and give you a solid defense against the kind of supply‑chain hijack that hit Bitwarden. Follow me for more concrete SDLC hardening tips and feel free to drop your CI questions in the comments. Originally published at https://shipwithai.io/blog/npm-ci-security-team-playbook/