chore: replace .npmrc with pnpm-workspace.yaml

.npmrc

@@ -1,25 +0,0 @@
-# Package Manager Configuration
-# Force pnpm usage - breaks npm/yarn intentionally
-node-linker=pnpm
-
-# Security: Disable all lifecycle scripts
-ignore-scripts=true
-enable-pre-post-scripts=false
-
-# Security: Require packages to be 10+ days old before installation
-minimum-release-age=14400
-
-# Security: Verify package integrity hashes
-verify-store-integrity=true
-
-# Security: Enforce strict trust policies
-trust-policy=strict
-
-# Security: Strict peer dependency resolution
-strict-peer-dependencies=true
-
-# Performance: Use symlinks for node_modules
-symlink=true
-
-# Lockfile: Ensure lockfile is not modified during install
-frozen-lockfile=false

package.json

@@ -16,7 +16,7 @@
   "devDependencies": {
     "@nhcarrigan/eslint-config": "5.2.0",
     "@nhcarrigan/typescript-config": "4.0.0",
-    "@types/node": "25.2.3",
+    "@types/node": "22.15.21",
     "eslint": "9.27.0",
     "typescript": "5.8.3"
   },

pnpm-lock.yaml

@@ -26,13 +26,13 @@ importers:
     devDependencies:
       '@nhcarrigan/eslint-config':
         specifier: 5.2.0
-        version: 5.2.0(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(playwright@1.50.1)(react@19.0.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@25.2.3))
+        version: 5.2.0(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(playwright@1.50.1)(react@19.0.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@22.15.21))
       '@nhcarrigan/typescript-config':
         specifier: 4.0.0
         version: 4.0.0(typescript@5.8.3)
       '@types/node':
-        specifier: 25.2.3
-        version: 25.2.3
+        specifier: 22.15.21
+        version: 22.15.21
       eslint:
         specifier: 9.27.0
         version: 9.27.0
@@ -413,61 +413,51 @@ packages:
     resolution: {integrity: sha512-88fSzjC5xeH9S2Vg3rPgXJULkHcLYMkh8faix8DX4h4TIAL65ekwuQMA/g2CXq8W+NJC43V6fUpYZNjaX3+IIg==}
     cpu: [arm]
     os: [linux]
-    libc: [glibc]
 
   '@rollup/rollup-linux-arm-musleabihf@4.34.6':
     resolution: {integrity: sha512-wM4ztnutBqYFyvNeR7Av+reWI/enK9tDOTKNF+6Kk2Q96k9bwhDDOlnCUNRPvromlVXo04riSliMBs/Z7RteEg==}
     cpu: [arm]
     os: [linux]
-    libc: [musl]
 
   '@rollup/rollup-linux-arm64-gnu@4.34.6':
     resolution: {integrity: sha512-9RyprECbRa9zEjXLtvvshhw4CMrRa3K+0wcp3KME0zmBe1ILmvcVHnypZ/aIDXpRyfhSYSuN4EPdCCj5Du8FIA==}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@rollup/rollup-linux-arm64-musl@4.34.6':
     resolution: {integrity: sha512-qTmklhCTyaJSB05S+iSovfo++EwnIEZxHkzv5dep4qoszUMX5Ca4WM4zAVUMbfdviLgCSQOu5oU8YoGk1s6M9Q==}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@rollup/rollup-linux-loongarch64-gnu@4.34.6':
     resolution: {integrity: sha512-4Qmkaps9yqmpjY5pvpkfOerYgKNUGzQpFxV6rnS7c/JfYbDSU0y6WpbbredB5cCpLFGJEqYX40WUmxMkwhWCjw==}
     cpu: [loong64]
     os: [linux]
-    libc: [glibc]
 
   '@rollup/rollup-linux-powerpc64le-gnu@4.34.6':
     resolution: {integrity: sha512-Zsrtux3PuaxuBTX/zHdLaFmcofWGzaWW1scwLU3ZbW/X+hSsFbz9wDIp6XvnT7pzYRl9MezWqEqKy7ssmDEnuQ==}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@rollup/rollup-linux-riscv64-gnu@4.34.6':
     resolution: {integrity: sha512-aK+Zp+CRM55iPrlyKiU3/zyhgzWBxLVrw2mwiQSYJRobCURb781+XstzvA8Gkjg/hbdQFuDw44aUOxVQFycrAg==}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@rollup/rollup-linux-s390x-gnu@4.34.6':
     resolution: {integrity: sha512-WoKLVrY9ogmaYPXwTH326+ErlCIgMmsoRSx6bO+l68YgJnlOXhygDYSZe/qbUJCSiCiZAQ+tKm88NcWuUXqOzw==}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@rollup/rollup-linux-x64-gnu@4.34.6':
     resolution: {integrity: sha512-Sht4aFvmA4ToHd2vFzwMFaQCiYm2lDFho5rPcvPBT5pCdC+GwHG6CMch4GQfmWTQ1SwRKS0dhDYb54khSrjDWw==}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@rollup/rollup-linux-x64-musl@4.34.6':
     resolution: {integrity: sha512-zmmpOQh8vXc2QITsnCiODCDGXFC8LMi64+/oPpPx5qz3pqv0s6x46ps4xoycfUiVZps5PFn1gksZzo4RGTKT+A==}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@rollup/rollup-win32-arm64-msvc@4.34.6':
     resolution: {integrity: sha512-3/q1qUsO/tLqGBaD4uXsB6coVGB3usxw3qyeVb59aArCgedSF66MPdgRStUd7vbZOsko/CgVaY5fo2vkvPLWiA==}
@@ -514,8 +504,8 @@ packages:
   '@types/json5@0.0.29':
     resolution: {integrity: sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==}
 
-  '@types/node@25.2.3':
-    resolution: {integrity: sha512-m0jEgYlYz+mDJZ2+F4v8D1AyQb+QzsNqRuI7xg1VQX/KlKS0qT9r1Mo16yo5F/MtifXFgaofIFsdFMox2SxIbQ==}
+  '@types/node@22.15.21':
+    resolution: {integrity: sha512-EV/37Td6c+MgKAbkcLG6vqZ2zEYHD7bvSrzqqs2RIhbA6w3x+Dqz8MZM3sP6kGTeLrdoOgKZe+Xja7tUB2DNkQ==}
 
   '@types/normalize-package-data@2.4.4':
     resolution: {integrity: sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==}
@@ -2044,8 +2034,8 @@ packages:
     resolution: {integrity: sha512-nWJ91DjeOkej/TA8pXQ3myruKpKEYgqvpw9lz4OPHj/NWFNluYrjbz9j01CJ8yKQd2g4jFoOkINCTW2I5LEEyw==}
     engines: {node: '>= 0.4'}
 
-  undici-types@7.16.0:
-    resolution: {integrity: sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==}
+  undici-types@6.21.0:
+    resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==}
 
   undici@6.21.1:
     resolution: {integrity: sha512-q/1rj5D0/zayJB2FraXdaWxbhWiNKDvu8naDT2dl1yTlvJp4BLtOcp2a5BvgGNQpYYJzau7tf1WgKv3b+7mqpQ==}
@@ -2436,7 +2426,7 @@ snapshots:
       discord.js: 14.19.3
       node-schedule: 2.1.1
 
-  '@nhcarrigan/eslint-config@5.2.0(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(playwright@1.50.1)(react@19.0.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@25.2.3))':
+  '@nhcarrigan/eslint-config@5.2.0(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(playwright@1.50.1)(react@19.0.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@22.15.21))':
     dependencies:
       '@eslint-community/eslint-plugin-eslint-comments': 4.4.1(eslint@9.27.0)
       '@eslint/compat': 1.2.4(eslint@9.27.0)
@@ -2445,7 +2435,7 @@ snapshots:
       '@stylistic/eslint-plugin': 2.12.1(eslint@9.27.0)(typescript@5.8.3)
       '@typescript-eslint/eslint-plugin': 8.19.0(@typescript-eslint/parser@8.19.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(typescript@5.8.3)
       '@typescript-eslint/parser': 8.19.0(eslint@9.27.0)(typescript@5.8.3)
-      '@vitest/eslint-plugin': 1.1.24(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@25.2.3))
+      '@vitest/eslint-plugin': 1.1.24(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@22.15.21))
       eslint: 9.27.0
       eslint-plugin-deprecation: 3.0.0(eslint@9.27.0)(typescript@5.8.3)
       eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)
@@ -2458,7 +2448,7 @@ snapshots:
       playwright: 1.50.1
       react: 19.0.0
       typescript: 5.8.3
-      vitest: 3.0.5(@types/node@25.2.3)
+      vitest: 3.0.5(@types/node@22.15.21)
     transitivePeerDependencies:
       - '@typescript-eslint/utils'
       - eslint-import-resolver-typescript
@@ -2571,15 +2561,15 @@ snapshots:
 
   '@types/json5@0.0.29': {}
 
-  '@types/node@25.2.3':
+  '@types/node@22.15.21':
     dependencies:
-      undici-types: 7.16.0
+      undici-types: 6.21.0
 
   '@types/normalize-package-data@2.4.4': {}
 
   '@types/ws@8.5.14':
     dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 22.15.21
 
   '@typescript-eslint/eslint-plugin@8.19.0(@typescript-eslint/parser@8.19.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(typescript@5.8.3)':
     dependencies:
@@ -2733,13 +2723,13 @@ snapshots:
       '@typescript-eslint/types': 8.24.0
       eslint-visitor-keys: 4.2.0
 
-  '@vitest/eslint-plugin@1.1.24(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@25.2.3))':
+  '@vitest/eslint-plugin@1.1.24(@typescript-eslint/utils@8.24.0(eslint@9.27.0)(typescript@5.8.3))(eslint@9.27.0)(typescript@5.8.3)(vitest@3.0.5(@types/node@22.15.21))':
     dependencies:
       '@typescript-eslint/utils': 8.24.0(eslint@9.27.0)(typescript@5.8.3)
       eslint: 9.27.0
     optionalDependencies:
       typescript: 5.8.3
-      vitest: 3.0.5(@types/node@25.2.3)
+      vitest: 3.0.5(@types/node@22.15.21)
 
   '@vitest/expect@3.0.5':
     dependencies:
@@ -2748,13 +2738,13 @@ snapshots:
       chai: 5.1.2
       tinyrainbow: 2.0.0
 
-  '@vitest/mocker@3.0.5(vite@6.1.0(@types/node@25.2.3))':
+  '@vitest/mocker@3.0.5(vite@6.1.0(@types/node@22.15.21))':
     dependencies:
       '@vitest/spy': 3.0.5
       estree-walker: 3.0.3
       magic-string: 0.30.17
     optionalDependencies:
-      vite: 6.1.0(@types/node@25.2.3)
+      vite: 6.1.0(@types/node@22.15.21)
 
   '@vitest/pretty-format@3.0.5':
     dependencies:
@@ -4434,7 +4424,7 @@ snapshots:
       has-symbols: 1.1.0
       which-boxed-primitive: 1.1.1
 
-  undici-types@7.16.0: {}
+  undici-types@6.21.0: {}
 
   undici@6.21.1: {}
 
@@ -4453,13 +4443,13 @@ snapshots:
       spdx-correct: 3.2.0
       spdx-expression-parse: 3.0.1
 
-  vite-node@3.0.5(@types/node@25.2.3):
+  vite-node@3.0.5(@types/node@22.15.21):
     dependencies:
       cac: 6.7.14
       debug: 4.4.0
       es-module-lexer: 1.6.0
       pathe: 2.0.2
-      vite: 6.1.0(@types/node@25.2.3)
+      vite: 6.1.0(@types/node@22.15.21)
     transitivePeerDependencies:
       - '@types/node'
       - jiti
@@ -4474,19 +4464,19 @@ snapshots:
       - tsx
       - yaml
 
-  vite@6.1.0(@types/node@25.2.3):
+  vite@6.1.0(@types/node@22.15.21):
     dependencies:
       esbuild: 0.24.2
       postcss: 8.5.2
       rollup: 4.34.6
     optionalDependencies:
-      '@types/node': 25.2.3
+      '@types/node': 22.15.21
       fsevents: 2.3.3
 
-  vitest@3.0.5(@types/node@25.2.3):
+  vitest@3.0.5(@types/node@22.15.21):
     dependencies:
       '@vitest/expect': 3.0.5
-      '@vitest/mocker': 3.0.5(vite@6.1.0(@types/node@25.2.3))
+      '@vitest/mocker': 3.0.5(vite@6.1.0(@types/node@22.15.21))
       '@vitest/pretty-format': 3.0.5
       '@vitest/runner': 3.0.5
       '@vitest/snapshot': 3.0.5
@@ -4502,11 +4492,11 @@ snapshots:
       tinyexec: 0.3.2
       tinypool: 1.0.2
       tinyrainbow: 2.0.0
-      vite: 6.1.0(@types/node@25.2.3)
-      vite-node: 3.0.5(@types/node@25.2.3)
+      vite: 6.1.0(@types/node@22.15.21)
+      vite-node: 3.0.5(@types/node@22.15.21)
       why-is-node-running: 2.3.0
     optionalDependencies:
-      '@types/node': 25.2.3
+      '@types/node': 22.15.21
     transitivePeerDependencies:
       - jiti
       - less

pnpm-workspace.yaml

@@ -0,0 +1,21 @@
+# Security
+
+# Do not execute any scripts of installed packages (project scripts still run)
+ignoreDepScripts: true
+# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
+enablePrePostScripts: false
+# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
+minimumReleaseAge: 14400
+# Fail if a package's trust level has decreased compared to previous releases
+trustPolicy: no-downgrade
+# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
+trustPolicyIgnoreAfter: 525960
+# Fail if there are missing or invalid peer dependencies
+strictPeerDependencies: true
+# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
+blockExoticSubdeps: true
+
+# Lockfile
+
+# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
+preferFrozenLockfile: false