Commit 94fc706

chore: add minimum release age to .npmrc
Add minimum-release-age=10080 (pnpm, minutes) and min-release-age=7 (npm v11+, days) to enforce a 7-day waiting period before installing newly published packages, reducing supply chain attack risk.
1 parent 889b4af commit 94fc706

1 file changed

Lines changed: 5 additions & 0 deletions

.npmrc

@@ -2,6 +2,11 @@ ignore-scripts=true
22
link-workspace-packages=false
33
loglevel=error
44
prefer-workspace-packages=false
5+
# Minimum release age - wait 7 days before installing newly published packages
6+
# pnpm uses minimum-release-age (minutes), npm v11+ uses min-release-age (days)
7+
minimum-release-age=10080
8+
min-release-age=7
9+
510
trust-policy=no-downgrade
611
trust-policy-exclude[]=@yarnpkg/core@4.5.0
712
trust-policy-exclude[]=@yarnpkg/libzip@3.2.2
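
Review bot: The comment above `minimum-release-age=10080` gives a minimum version for npm ("npm v11+") but none for pnpm, and nothing in this file makes an older client fail when it reads a key it does not recognise, so on a developer machine or CI image with an older package manager the 7-day wait may not apply at all. Suggest naming the minimum pnpm version in the comment too and pinning the package manager version outside this file (for example with the `packageManager` field in package.json), so the delay is enforced rather than assumed. The two values do agree: 10080 minutes is 7 days. A smaller point on the same lines: a blanket 7-day wait also holds back a freshly published security fix, and unlike the `trust-policy-exclude[]` entries below there is no exception path shown for it; a one-line comment on how an urgent patch release should be handled would help.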
