Skip to content

Commit 2a59cba

Browse files
Add hardened .npmrc for supply-chain security
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
1 parent fc6b10d commit 2a59cba

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

.npmrc

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# Supply-chain hardening directives
2+
ignore-scripts=true
3+
strict-ssl=true
4+
save-exact=true
5+
# engine-strict=true # disabled: hard-fails `npm ci` on Node 18.20.7 — the repo overrides field pins serialize-javascript@7.0.5 (engines node>=20.0.0), which breaks Cypress-14-supported Node 18. Re-enable only after the serialize-javascript override is constrained to a Node-18-compatible line or Node 18 is officially dropped.
6+
legacy-peer-deps=false
7+
audit-level=high

0 commit comments

Comments
 (0)