Commit 0b668ee
chore(yarn): enable hardened mode and supply-chain settings
Extend .yarnrc.yml with the conservative hardening tier:

- enableHardenedMode: strict checksum + integrity validation on the
  resolver; rejects any tampering with the lockfile or registry.
- npmMinimalAgeGate: 3d -- refuses to install npm packages younger
  than three days, mitigating the typical supply-chain "install a
  malicious 0.0.1-published-an-hour-ago" window.
- enableGlobalCache + nmMode: hardlinks-global -- shares package
  content across worktrees via the global cache and hardlinks,
  reducing duplicate on-disk content and speeding repeat installs.
- enableTelemetry: false -- explicit opt-out from Yarn telemetry.

Install scripts stay enabled in this commit; the
`enableScripts: false` + per-package allowlist follows next so the
two changes can be reverted independently if needed.

Verified `yarn install --immutable` is clean under the new
settings.

1 parent ea09e94 commit 0b668ee
1 file changed
Lines changed: 10 additions & 0 deletions
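A policy lint for the settings this commit describes, added here as an example and not code from the commit or from the Yarn project: it reads a flat .yarnrc.yml, converts the npmMinimalAgeGate duration to seconds, and reports which parts of the hardening tier are missing, including the install-scripts gap the message defers to the follow-up commit. The constructed sample file, the flat `key: value` parser and the thresholds are this example's own assumptions.

```python
import re

# Constructed sample mirroring the state after this commit (scripts still enabled).
SAMPLE_YARNRC = """\
nodeLinker: node-modules

enableHardenedMode: true
npmMinimalAgeGate: 3d
enableGlobalCache: true
nmMode: hardlinks-global
enableTelemetry: false
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # duration suffixes accepted


def parse_flat_yarnrc(text: str) -> dict[str, str]:
    """Collect top-level `key: value` pairs (assumption: no nested blocks needed)."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][\w-]*):\s*(.+?)\s*$", line)
        if m and not m.group(2).startswith("#"):
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings


def age_gate_seconds(value: str) -> int:
    """Convert '3d', '12h', '90m' or a bare number of seconds to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"unparseable duration: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]


def hardening_findings(text: str, min_age_days: int = 3) -> list[str]:
    """Return policy gaps; an empty list means the full tier is in place."""
    cfg = parse_flat_yarnrc(text)
    findings = []
    if cfg.get("enableHardenedMode") != "true":
        findings.append("enableHardenedMode is not true")
    gate = cfg.get("npmMinimalAgeGate")
    if gate is None or age_gate_seconds(gate) < min_age_days * 86400:
        findings.append(f"npmMinimalAgeGate missing or below {min_age_days}d")
    if cfg.get("enableTelemetry") != "false":
        findings.append("enableTelemetry is not explicitly false")
    # Yarn's default for enableScripts is true, so absence counts as enabled.
    if cfg.get("enableScripts", "true") != "false":
        findings.append("enableScripts is not false (install scripts run)")
    return findings
```

Running `hardening_findings` on the sample reports only the deferred `enableScripts` gap; once the follow-up commit lands, the same check should return an empty list.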