build: approve scripts we rely on at install time, in prep for npm 12

[joanise]

PR Goal?

With npm 12, scripts will not run unless they are explicitly approved.

See

• https://docs.npmjs.com/cli/v11/commands/npm-approve-scripts
• https://ishu.dev/post/npm-install-scripts-opt-in-rfc-prepare-now-2026-05-20

Fixes?

Future proof our installation procedure, although I'm sure it's going to cause trouble when we bump versions in the package lock and forget to bump script approval. But this is where npm is heading, and that's going to make things safer, so we have to adapt to it.

Feedback sought?

Is it OK to blanket all the scripts we run now just like this? I'm figuring at this point we use these and things are OK. These permissions are pinned, so I'm figuring if a supply chain attack compromises something we use, it won't be able to run and we'll get a chance to audit before we update the allow list.

Priority?

low

Tests added?

n/a

How to test?

When you run npm install on main with a recent version of npm, you'll see this warning:

npm warn allow-scripts 18 packages have install scripts not yet covered by allowScripts:

with this PR, that warning is gone.

You can see it in CI on main vs this PR's branch.

Confidence?

medium

Version change?

no

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	14% smaller

[github-actions]

PR Preview Action v1.6.3
🚀 View preview at https://ReadAlongs.github.io/Studio-Web/pr-preview/pr-558/
Built to branch gh-pages at 2026-06-03 19:58 UTC. Preview will be ready when the GitHub Pages deployment is complete.