chore: add pnpm minimumReleaseAge supply-chain delay (#154)

jaysin586 · claude · web-flow · commit 60c9040e343c · 2026-06-02T15:50:01.000-04:00
Set minimumReleaseAge to 2880 minutes (48h) so newly published dependency
versions must age before install, mitigating supply-chain attacks. Exclude
our own '@humanspeak/*' scope so first-party releases are not delayed.

Co-authored-by: Claude Opus 4.8 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
@@ -1,3 +1,6 @@
 packages:
     - .
     - docs
+minimumReleaseAge: 2880
+minimumReleaseAgeExclude:
+    - '@humanspeak/*'
