dailydotdev
diff --git a/‎.circleci/config.yml‎
Lines changed: 25 additions & 19 deletions b/‎.circleci/config.yml‎
Lines changed: 25 additions & 19 deletions
diff --git a/‎.github/workflows/e2e-tests.yml‎
Lines changed: 6 additions & 3 deletions b/‎.github/workflows/e2e-tests.yml‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎.gitpod.yml‎
Lines changed: 2 additions & 1 deletion b/‎.gitpod.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎AGENTS.md‎
Lines changed: 3 additions & 2 deletions b/‎AGENTS.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 10 additions & 2 deletions b/‎README.md‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/shared/src/components/Feed.tsx‎
Lines changed: 2 additions & 3 deletions b/‎packages/shared/src/components/Feed.tsx‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎packages/shared/src/components/buttons/ToggleClickbaitShield.tsx‎
Lines changed: 2 additions & 4 deletions b/‎packages/shared/src/components/buttons/ToggleClickbaitShield.tsx‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎packages/shared/src/components/cards/common/ClickbaitShield.tsx‎
Lines changed: 2 additions & 4 deletions b/‎packages/shared/src/components/cards/common/ClickbaitShield.tsx‎
Lines changed: 2 additions & 4 deletions
@@ -7,17 +7,20 @@ jobs:
     steps:
       - checkout
       - run:
-          name: Install pnpm
-          command: npm i --prefix=$HOME/.local -g pnpm@9.14.4
+          name: Enable pnpm
+          command: |
+            mkdir -p $HOME/.local/bin
+            corepack enable --install-directory $HOME/.local/bin
+            corepack prepare pnpm@10.33.4 --activate
       - restore_cache:
           keys:
-            - deps-v10-{{ checksum "pnpm-lock.yaml" }}
-            - deps-v10-{{ .Branch }}
+            - deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
+            - deps-pnpm-10-33-4-{{ .Branch }}
       - run:
           name: Install dependencies
           command: pnpm install
       - save_cache:
-          key: deps-v10-{{ checksum "pnpm-lock.yaml" }}
+          key: deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
           paths:
             - ./node_modules
             - ./packages/eslint-config/node_modules
@@ -35,8 +38,8 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - deps-v10-{{ checksum "pnpm-lock.yaml" }}
-            - deps-v10-{{ .Branch }}
+            - deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
+            - deps-pnpm-10-33-4-{{ .Branch }}
       - run:
           name: Test
           command: |
@@ -56,8 +59,8 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - deps-v10-{{ checksum "pnpm-lock.yaml" }}
-            - deps-v10-{{ .Branch }}
+            - deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
+            - deps-pnpm-10-33-4-{{ .Branch }}
       - run:
           name: Test
           command: |
@@ -77,8 +80,8 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - deps-v10-{{ checksum "pnpm-lock.yaml" }}
-            - deps-v10-{{ .Branch }}
+            - deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
+            - deps-pnpm-10-33-4-{{ .Branch }}
       - run:
           name: Lint
           command: npm run pretest
@@ -91,8 +94,8 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - deps-v10-{{ checksum "pnpm-lock.yaml" }}
-            - deps-v10-{{ .Branch }}
+            - deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
+            - deps-pnpm-10-33-4-{{ .Branch }}
       - run:
           name: Fetch base branch
           command: git fetch origin main
@@ -107,8 +110,8 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - deps-v10-{{ checksum "pnpm-lock.yaml" }}
-            - deps-v10-{{ .Branch }}
+            - deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
+            - deps-pnpm-10-33-4-{{ .Branch }}
       - run:
           name: Test
           command: |
@@ -126,12 +129,15 @@ jobs:
     steps:
       - checkout
       - run:
-          name: Install pnpm
-          command: npm i --prefix=$HOME/.local -g pnpm@9.14.4
+          name: Enable pnpm
+          command: |
+            mkdir -p $HOME/.local/bin
+            corepack enable --install-directory $HOME/.local/bin
+            corepack prepare pnpm@10.33.4 --activate
       - restore_cache:
           keys:
-            - deps-v10-{{ checksum "pnpm-lock.yaml" }}
-            - deps-v10-{{ .Branch }}
+            - deps-pnpm-10-33-4-{{ checksum "pnpm-lock.yaml" }}
+            - deps-pnpm-10-33-4-{{ .Branch }}
       - run:
           name: Install dependencies
           command: pnpm install
 
@@ -11,6 +11,9 @@ on:
         required: true
         type: string
 
+permissions:
+  contents: read
+
 jobs:
   e2e-tests:
     if: >-
@@ -32,7 +35,7 @@ jobs:
     - name: Install pnpm
       uses: pnpm/action-setup@v4
       with:
-        version: 9.14.4
+        version: 10.33.4
 
     - name: Get pnpm store directory
       shell: bash
@@ -43,9 +46,9 @@ jobs:
       uses: actions/cache@v4
       with:
         path: ${{ env.STORE_PATH }}
-        key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+        key: ${{ runner.os }}-pnpm-10.33.4-store-${{ hashFiles('**/pnpm-lock.yaml') }}
         restore-keys: |
-          ${{ runner.os }}-pnpm-store-
+          ${{ runner.os }}-pnpm-10.33.4-store-
 
     - name: Install dependencies
       run: pnpm install --frozen-lockfile
 
@@ -36,7 +36,8 @@ tasks:
       nvm install
       nvm use
     init: |
-      npm i -g pnpm@9.14.4
+      corepack enable
+      corepack prepare pnpm@10.33.4 --activate
       pnpm install
     command: |
       cd packages/webapp
 
@@ -41,7 +41,7 @@ This is a pnpm monorepo containing the daily.dev application suite:
 ## Technology Stack
 
 - **Node.js v24.14** (see `package.json` `volta` and `packageManager` properties, also `.nvmrc`)
-- **pnpm 9.14.4** for package management (see `package.json` `packageManager` property)
+- **pnpm 10.33.4** for package management (see `package.json` `packageManager` property)
 - **TypeScript** across all packages
 - **React 18.3.1** with Next.js 15 for webapp (Pages Router, NOT App Router/Server Components)
 - **TanStack Query v5** for server state and data fetching
@@ -171,7 +171,8 @@ This ensures type safety, reduces duplication, and keeps types automatically in
 ```bash
 # Setup
 nvm use                   # Use correct Node version from .nvmrc
-npm i -g pnpm@9.14.4
+corepack enable
+corepack prepare pnpm@10.33.4 --activate
 pnpm install
 
 # Development
 
@@ -22,7 +22,7 @@ RUN \
   apk --no-cache add \
   libc6-compat
 
-RUN npm i -g pnpm
+RUN corepack enable && corepack prepare pnpm@10.33.4 --activate
 RUN pnpm install
 
 COPY packages ./packages
 
@@ -26,7 +26,7 @@ The decision was made to allow faster iterations and to keep features parity in
 ## Technologies
 
 - Node v24.14 (a `.nvmrc` is presented for [nvm](https://github.com/nvm-sh/nvm) users).
-- [pnpm](https://pnpm.io/workspaces) for managing the monorepo and dependencies.
+- [pnpm](https://pnpm.io/workspaces) 10.33.4 for managing the monorepo and dependencies.
 
 ## Projects
 
@@ -87,10 +87,18 @@ We would appreciate if you dedicate the time and read them carefully:
 After cloning the project, please make sure to run the following commands to bootstrap the project:
 
 ```bash
-npm i -g pnpm@9.14.4
+nvm use
+corepack enable
+corepack prepare pnpm@10.33.4 --activate
 pnpm install
 ```
 
+## Dependency Supply-Chain Hardening
+
+This repo delays newly published package versions for seven days via `minimumReleaseAge: 10080` in `pnpm-workspace.yaml`. Keep using the pinned pnpm version from `package.json`; older pnpm versions do not enforce this setting.
+
+Keep `pnpm-lock.yaml` committed, use frozen-lockfile installs in CI, and avoid adding git or tarball dependencies unless they are reviewed explicitly. If an urgent dependency update must bypass the cooldown, add a temporary `minimumReleaseAgeExclude` entry in `pnpm-workspace.yaml`, review the package contents/provenance first, and remove the exception after the release ages out.
+
 ### Run Extension Locally
 
 Example for Chrome:
 
@@ -15,7 +15,7 @@
     "test:e2e:headed": "pnpm --filter playwright test:headed",
     "test:e2e:ui": "pnpm --filter playwright test:ui"
   },
-  "packageManager": "pnpm@9.14.4",
+  "packageManager": "pnpm@10.33.4",
   "pnpm": {
     "patchedDependencies": {
       "graphql-request@3.7.0": "patches/graphql-request@3.7.0.patch"
 
@@ -67,8 +67,8 @@ import {
   briefCardFeedFeature,
   briefFeedEntrypointPage,
   featureFeedAdTemplate,
-  featureNewD1Experience,
 } from '../lib/featureManagement';
+import { useNewD1ExperienceFeature } from '../hooks/useNewD1ExperienceFeature';
 import type { AwardProps } from '../graphql/njord';
 import { getProductsQueryOptions } from '../graphql/njord';
 import { useUpdateQuery } from '../hooks/useUpdateQuery';
@@ -263,8 +263,7 @@ export default function Feed<T>({
     feature: briefCardFeedFeature,
     shouldEvaluate: shouldEvaluateBriefCard,
   });
-  const { value: isNewD1Experience } = useConditionalFeature({
-    feature: featureNewD1Experience,
+  const { value: isNewD1Experience } = useNewD1ExperienceFeature({
     shouldEvaluate: shouldEvaluateBriefCard,
   });
   const showBriefCard =
 
@@ -21,8 +21,7 @@ import { useAuthContext } from '../../contexts/AuthContext';
 import { webappUrl } from '../../lib/constants';
 import { FeedSettingsMenu } from '../feeds/FeedSettings/types';
 import { Tooltip } from '../tooltip/Tooltip';
-import { useConditionalFeature } from '../../hooks/useConditionalFeature';
-import { featureNewD1Experience } from '../../lib/featureManagement';
+import { useNewD1ExperienceFeature } from '../../hooks/useNewD1ExperienceFeature';
 
 export const ToggleClickbaitShield = ({
   origin,
@@ -41,8 +40,7 @@ export const ToggleClickbaitShield = ({
   const { user } = useAuthContext();
   const { maxTries, hasUsedFreeTrial, triesLeft } = useClickbaitTries();
   const isClickbaitShieldEnabled = flags?.clickbaitShieldEnabled ?? false;
-  const { value: isNewD1Experience } = useConditionalFeature({
-    feature: featureNewD1Experience,
+  const { value: isNewD1Experience } = useNewD1ExperienceFeature({
     shouldEvaluate: !isPlus,
   });
 
 
@@ -17,8 +17,7 @@ import { FeedSettingsMenu } from '../../feeds/FeedSettings/types';
 import { useAuthContext } from '../../../contexts/AuthContext';
 import { webappUrl } from '../../../lib/constants';
 import { Tooltip } from '../../tooltip/Tooltip';
-import { useConditionalFeature } from '../../../hooks/useConditionalFeature';
-import { featureNewD1Experience } from '../../../lib/featureManagement';
+import { useNewD1ExperienceFeature } from '../../../hooks/useNewD1ExperienceFeature';
 
 export const ClickbaitShield = ({
   post,
@@ -33,8 +32,7 @@ export const ClickbaitShield = ({
   const router = useRouter();
   const { user } = useAuthContext();
   const { hasUsedFreeTrial, triesLeft } = useClickbaitTries();
-  const { value: isNewD1Experience } = useConditionalFeature({
-    feature: featureNewD1Experience,
+  const { value: isNewD1Experience } = useNewD1ExperienceFeature({
     shouldEvaluate: !isPlus,
   });