Commit 4445c47

chore: update some pnpm configuration and security docs (#4879)
1 parent 059ea68 commit 4445c47

5 files changed

Lines changed: 45 additions & 37 deletions

.vscode/settings.json

Lines changed: 2 additions & 2 deletions
@@ -14,8 +14,8 @@
1414
"[css]": {
1515
"editor.defaultFormatter": "biomejs.biome"
1616
},
17-
"typescript.tsdk": "node_modules/typescript/lib",
18-
"typescript.enablePromptUseWorkspaceTsdk": true,
17+
"js/ts.tsdk.path": "node_modules/typescript/lib",
18+
"js/ts.tsdk.promptToUseWorkspaceVersion": true,
1919
"cssvar.files": [
2020
"packages/theme/src/themes/designsystemet.css",
2121
],
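
Review bot: the two renamed keys at lines 17-18 (`js/ts.tsdk.path` and `js/ts.tsdk.promptToUseWorkspaceVersion`) are editor settings and are not covered by the commit title, which mentions only pnpm configuration and security docs. Mention the rename in the commit message and state which VS Code version the new keys need, so a contributor whose editor only reads the old `typescript.*` keys knows why the workspace TypeScript in `node_modules/typescript/lib` is no longer picked up.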

SECURITY.md

Lines changed: 8 additions & 2 deletions
@@ -17,5 +17,11 @@ We use several automated mechanisms to help detect and reduce risk:
1717
- Renovate is configured to *only propose updates for packages that have been published for at least 3 days*.
1818
This allows time for the ecosystem to discover and revert problematic releases.
1919

20-
### pnpm Policies
21-
pnpm is configured to ensure **no dependency version newer than 24 hours** is installed.
20+
### Dependency manager
21+
We use [pnpm](https://pnpm.io) for managing dependencies.
22+
23+
We have cofingured pnpm with the following:
24+
- No dependency version newer than 72 hours is installed.
25+
- Prevent transitive dependencies from using exotic sources.
26+
- By default block script execution for dependencies.
27+
- See `allowedBuilds` in [pnpm-workspace-yaml](./pnpm-workspace.yaml) for whitelisted depedencies
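
Review bot: the last added bullet (line 27) points readers to `allowedBuilds`, but the key added to pnpm-workspace.yaml in this same commit is `allowBuilds`, so a search for the documented name finds nothing. Use `allowBuilds`, change the link text `pnpm-workspace-yaml` to `pnpm-workspace.yaml` to match its target, and fix the typos `cofingured` (line 23) and `depedencies` (line 27). The 72-hour figure agrees with `minimumReleaseAge: 4320` in the workspace file and with the 3-day Renovate rule above. The list should also say that `minimumReleaseAgeExclude` exempts `@u-elements/*` from that delay, since the text currently reads as if the rule has no exceptions.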

package.json

Lines changed: 0 additions & 1 deletion
@@ -47,7 +47,6 @@
4747
"@vitest/browser-playwright": "4.1.5",
4848
"@vitest/coverage-v8": "4.1.5",
4949
"chromatic": "16.6.3",
50-
"just-pnpm": "1.0.2",
5150
"tsconfck": "3.1.6",
5251
"typescript": "5.9.3",
5352
"typescript-plugin-css-modules": "5.2.0",

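Review bot: removing `just-pnpm` at line 50 matches its removal from `onlyBuiltDependencies` in pnpm-workspace.yaml, but this hunk does not show the `scripts` section of package.json. Confirm that no script still invokes `just-pnpm`, and if the package was there to force installs through pnpm, say in the commit message what replaces that guard.
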
pnpm-lock.yaml

Lines changed: 25 additions & 18 deletions
Some generated files are not rendered by default.

pnpm-workspace.yaml

Lines changed: 10 additions & 14 deletions
@@ -3,23 +3,20 @@ packages:
33
- apps/*
44
- plugins/*
55
- internal/*
6-
ignoredBuiltDependencies:
7-
- '@bundled-es-modules/glob'
8-
- '@parcel/watcher'
9-
- rs-module-lexer
10-
- sharp
6+
allowBuilds:
7+
"@biomejs/biome": true
8+
'@parcel/watcher': false
9+
'@swc/core': true
10+
esbuild: true
11+
rs-module-lexer: false
12+
style-dictionary: true
13+
blockExoticSubdeps: true
1114
injectWorkspacePackages: true
12-
minimumReleaseAge: 1440
15+
minimumReleaseAge: 4320
1316
minimumReleaseAgeExclude:
1417
- "@u-elements/*"
15-
onlyBuiltDependencies:
16-
- '@biomejs/biome'
17-
- '@swc/core'
18-
- esbuild
19-
- just-pnpm
20-
- style-dictionary
2118
packageExtensions:
22-
'@navikt/aksel-icons':
19+
"@navikt/aksel-icons":
2320
peerDependencies:
2421
react: ">=18.3.1 || ^19.0.0"
2522
peerDependenciesMeta:
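
Review bot: `'@bundled-es-modules/glob'` and `sharp` were listed under the removed `ignoredBuiltDependencies` (old lines 7 and 10) but have no entry in the new `allowBuilds` map, where only `'@parcel/watcher'` and `rs-module-lexer` are carried over as `false`. If either package is still in the dependency tree, add it with an explicit `false` so the decision not to run its build scripts stays recorded in the file; if both are gone, say so in the commit message. The map also mixes quote styles (`"@biomejs/biome"` next to `'@parcel/watcher'`), and `packageExtensions` switches to double quotes in the same hunk, so pick one style for the whole file.
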
@@ -32,4 +29,3 @@ syncInjectedDepsAfterScripts:
3229
- build:themebuilder
3330
- build:storybook
3431
useNodeVersion: 24.15.0
35-
blockExoticSubdeps: true
