diff --git a/ansible/roles/nodejs/tasks/main.yml b/ansible/roles/nodejs/tasks/main.yml
index a443fce..0939a62 100644
--- a/ansible/roles/nodejs/tasks/main.yml
+++ b/ansible/roles/nodejs/tasks/main.yml
@@ -18,3 +18,5 @@
     # --no-bin-links option is needed to prevent npm from creating symlinks in the .bin
     # directory, which doesn't work inside Vagrant on Windows
     no_bin_links: true
+    # Disable automatic running of package install scripts, for security
+    ignore_scripts: true
diff --git a/tildes/package-lock.json b/tildes/package-lock.json
index 836c497..eca964a 100644
--- a/tildes/package-lock.json
+++ b/tildes/package-lock.json
@@ -1478,9 +1478,9 @@
       "license": "MIT"
     },
     "node_modules/js-yaml": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {