Upgrade to Node 24 and add min-release-age #1007

Merged
danieljperry merged 1 commit into main from jallred/node-24-min-release-age
May 21, 2026

Conversation


@judeallred judeallred commented May 21, 2026

Summary

  • Upgrades Node.js requirement to 24.14.1+ (active LTS)
  • Adds min-release-age=1 to .npmrc, telling npm to only resolve package versions published more than 1 day ago
  • Supply-chain-attack mitigation: malicious packages are typically flagged within hours, so a 1-day quarantine avoids installing freshly-published compromised versions
  • Node 24 ships npm 11.10+, which is required for the min-release-age feature

Test plan

  • CI passes with Node 24
  • npm install works correctly
  • npm ci works correctly
  • Application builds and runs successfully

Made with Cursor


Note

Medium Risk
Medium risk because it upgrades the Node runtime used by CI workflows and raises the declared engine requirement, which can break builds or local dev if dependencies or tooling aren’t compatible with Node 24.

Overview
Upgrades the project and CI workflows to Node.js 24. GitHub Actions jobs for Crowdin sync and site deploy/review builds now run in node:24/node:24-alpine, and package.json raises the supported engine to >=24.14.1.

Adds npm supply-chain hardening. Introduces .npmrc with min-release-age=1 so installs avoid packages published within the last day.

Reviewed by Cursor Bugbot for commit 7f91b59. Bugbot is set up for automated code reviews on this repo. Configure here.

Co-authored-by: Cursor <cursoragent@cursor.com>
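
How a release-age quarantine like the one described above narrows version selection, as an added example (not code from this PR or from npm). It assumes registry-style metadata with a `time` map of version to publish timestamp; the function names and the sample package are hypothetical.

```javascript
// Added example: models a release-age quarantine over registry-style metadata.
// The packument below is constructed sample data, not a real package.
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse "MAJOR.MINOR.PATCH" (prerelease tags are out of scope for this sketch).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Return the highest version published at least minAgeDays before `now`,
// or null when every candidate is still inside the quarantine window.
function pickQuarantined(packument, minAgeDays, now) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  let best = null;
  for (const [version, published] of Object.entries(packument.time)) {
    const parsed = parseVersion(version); // skips "created"/"modified" keys
    const ts = Date.parse(published);
    if (!parsed || Number.isNaN(ts) || ts > cutoff) continue;
    if (!best || compareVersions(parsed, best.parsed) > 0) best = { version, parsed };
  }
  return best ? best.version : null;
}

// Constructed sample: 2.1.1 was published 3 hours before `sampleNow`.
const samplePackument = {
  name: "example-lib",
  time: {
    created: "2026-01-10T09:00:00.000Z",
    modified: "2026-05-21T09:00:00.000Z",
    "2.0.0": "2026-03-02T12:00:00.000Z",
    "2.1.0": "2026-05-12T08:30:00.000Z",
    "2.1.1": "2026-05-21T09:00:00.000Z",
  },
};
const sampleNow = new Date("2026-05-21T12:00:00.000Z");

console.log(pickQuarantined(samplePackument, 1, sampleNow)); // 1-day window
console.log(pickQuarantined(samplePackument, 0, sampleNow)); // no window
```

A `null` result is the case to plan for operationally: a dependency whose only matching versions are all newer than the window cannot resolve until one ages out.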

@danieljperry danieljperry left a comment


lgtm

@danieljperry danieljperry merged commit 6595d9c into main May 21, 2026
13 checks passed
@danieljperry danieljperry deleted the jallred/node-24-min-release-age branch May 21, 2026 22:53