diff --git a/.github/workflows/cve-scanning-node.yml b/.github/workflows/cve-scanning-node.yml
index cd434a766..5ef0b4f5a 100644
--- a/.github/workflows/cve-scanning-node.yml
+++ b/.github/workflows/cve-scanning-node.yml
@@ -20,5 +20,7 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-      - run: npm ci --prod
+      - run: npm config set package-lock false
+      # TODO - this is ignoring package-lock.json
+      - run: npm install --prod
       - run: npx --yes auditjs ossi --whitelist allow-list.json
\ No newline at end of file