That's funny. It told me that blocking "npm run build" was the wrong answer. Maybe it doesn't really under The threat model.