fix: add minimum release age configuration to .npmrc and renovate.json

[chiol]

Summary by CodeRabbit

• Chores
  • Updated dependency management configuration to enforce a minimum release age of 3 days for all npm packages, ensuring only stable and well-tested versions are adopted.

[coderabbitai]

Warning

Rate limit exceeded

@chiol has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 36 minutes and 58 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 41b5be26-678a-4778-bd9f-3cfb7ec9f7c0

📥 Commits

Reviewing files that changed from the base of the PR and between bb9071a and 70b22cb.

📒 Files selected for processing (1)

• .npmrc

Walkthrough

This PR updates dependency management configurations to enforce a 3-day minimum release age for npm packages. The .npmrc file gains a min-release-age=3d setting, and renovate.json adds a matching policy rule for automated dependency updates.

Changes

Package Release Age Enforcement

Layer / File(s)	Summary
Package Manager Configuration \.npmrc	npm package manager configured with min-release-age=3d setting in addition to existing node-linker=hoisted.
Dependency Update Policy renovate.json	Renovate adds a package rule enforcing minimumReleaseAge: "3 days" for npm datasource dependencies.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• jihun

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main changes: adding minimum release age configuration to both .npmrc and renovate.json files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/release-age

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.npmrc:
- Line 2: The .npmrc entry uses an invalid key and value format; replace the
incorrect key "min-release-age" with pnpm's correct key "minimum-release-age"
and change the duration string "3d" to numeric minutes (3 days = 4320), i.e.,
set minimum-release-age=4320 so pnpm enforces the minimum release age policy.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ba27d723-8305-4c5c-89ce-dc20eb632255

📥 Commits

Reviewing files that changed from the base of the PR and between e30f9b2 and bb9071a.

📒 Files selected for processing (2)

• .npmrc
• renovate.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

For the package manager configured with .npmrcandnode-linker=hoisted(pnpm context), what is the exact supported.npmrckey and value format for minimum package release age? Ismin-release-age=3dvalid, or should it be another key/value (e.g.,minimum-release-age, numeric minutes, etc.)?

💡 Result:

Valid key/value format in.npmrc (pnpm): - Key: minimum-release-age (kebab-case) - Value format: a number of minutes So min-release-age=3d is not valid for pnpm’s .npmrc setting. pnpm expects numeric minutes, e.g. for 3 days: - minimum-release-age=4320 Evidence: - pnpm documents minimumReleaseAge as “Type: number (minutes)” in settings, describing it as the minimum number of minutes after publication before pnpm installs the version [1]. - pnpm’s config reader accepts the kebab-case .npmrc key minimum-release-age (examples in pnpm issues show .npmrc usage like minimum-release-age = 14000) [2]. - The pnpm issue discussing .npmrc casing explicitly notes the correct kebab-case key (minimum-release-age=30240) after a test showed camelCase was not working there [3]. Note: pnpm’s CLI flag --min-release-age exists for npm (and other tools), but for pnpm the setting is described as config-file driven (minimumReleaseAge), and .npmrc uses minimum-release-age with minutes [4][1].

Citations:

• 1: https://pnpm.io/settings
• 2: minimumReleaseAge causes pnpm outdated to fail pnpm/pnpm#10605
• 3: minimumReleaseAge not respected when .npmrc has shared-workspace-lockfile = false pnpm/pnpm#10008
• 4: Add CLI flag --min-release-age=... to set a minimumReleaseAge per-invocation (without config file) pnpm/pnpm#11224

---

Correct .npmrc key and value format for pnpm.

min-release-age=3d is invalid for pnpm's .npmrc. The correct key is minimum-release-age (not min-release-age) and the value must be numeric minutes, not a duration string. For 3 days, use:

minimum-release-age=4320

Without this correction, the minimum release age policy will not be enforced.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.npmrc at line 2, The .npmrc entry uses an invalid key and value format;
replace the incorrect key "min-release-age" with pnpm's correct key
"minimum-release-age" and change the duration string "3d" to numeric minutes (3
days = 4320), i.e., set minimum-release-age=4320 so pnpm enforces the minimum
release age policy.

[jihun]

@chiol
min-release age should be reflected as the following.

min-release-age=3

ref: https://docs.npmjs.com/cli/v11/using-npm/config#min-release-age

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!