-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpnpm-workspace.yaml
More file actions
39 lines (31 loc) · 1.31 KB
/
Copy pathpnpm-workspace.yaml
File metadata and controls
39 lines (31 loc) · 1.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
packages:
- '.'
# Supply-chain hardening (see SECURITY.md). Configured here — pnpm 10+ ignores package.json "pnpm".
# Pin exact versions only (no >=/^/~ ranges). Bump deliberately with lockfile + audit.
overrides:
lodash: '4.18.1'
uuid: '11.1.1'
minimatch: '10.2.5'
form-data: '4.0.6'
# npm dist-tag stable; block 2.23+ beta-channel releases
n8n-workflow: '2.22.3'
# Only these packages may run install/build lifecycle scripts (Mini Shai-Hulud defense).
onlyBuiltDependencies:
- isolated-vm
# Dev-only transitive packages with install scripts we intentionally skip (prebuilt or optional native).
ignoredBuiltDependencies:
- eslint-plugin-n8n-nodes-base
- unrs-resolver
# Wait 24h before installing newly published versions.
minimumReleaseAge: 1440
minimumReleaseAgeStrict: true
# Block git/tarball resolutions in transitive dependencies.
blockExoticSubdeps: true
# Fail install when a dependency has unreviewed postinstall scripts (default true; explicit for clarity).
strictDepBuilds: true
# Enforce package.json engines when resolving deps.
engineStrict: true
# Simulate Node 22.22.3 for dependency engines checks (matches CI and README).
nodeVersion: 22.22.3
# Require the pnpm version declared in package.json "packageManager" (pnpm 10: managePackageManagerVersions).
managePackageManagerVersions: true