generated from nhcarrigan/template
Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 minori
|
c9648f4cc0 | ||
|
minori
|
4dea218962 |
@@ -0,0 +1,25 @@
|
|||||||
|
# Package Manager Configuration
|
||||||
|
# Force pnpm usage - breaks npm/yarn intentionally
|
||||||
|
node-linker=pnpm
|
||||||
|
|
||||||
|
# Security: Disable all lifecycle scripts
|
||||||
|
ignore-scripts=true
|
||||||
|
enable-pre-post-scripts=false
|
||||||
|
|
||||||
|
# Security: Require packages to be 10+ days old before installation
|
||||||
|
minimum-release-age=14400
|
||||||
|
|
||||||
|
# Security: Verify package integrity hashes
|
||||||
|
verify-store-integrity=true
|
||||||
|
|
||||||
|
# Security: Enforce strict trust policies
|
||||||
|
trust-policy=strict
|
||||||
|
|
||||||
|
# Security: Strict peer dependency resolution
|
||||||
|
strict-peer-dependencies=true
|
||||||
|
|
||||||
|
# Performance: Use symlinks for node_modules
|
||||||
|
symlink=true
|
||||||
|
|
||||||
|
# Lockfile: Ensure lockfile is not modified during install
|
||||||
|
frozen-lockfile=false
|
||||||
+3
-3
@@ -18,13 +18,13 @@
|
|||||||
"@nhcarrigan/eslint-config": "5.2.0",
|
"@nhcarrigan/eslint-config": "5.2.0",
|
||||||
"@nhcarrigan/typescript-config": "4.0.0",
|
"@nhcarrigan/typescript-config": "4.0.0",
|
||||||
"@types/node": "24.2.1",
|
"@types/node": "24.2.1",
|
||||||
"eslint": "9.33.0",
|
"eslint": "10.0.0",
|
||||||
"typescript": "5.9.3"
|
"typescript": "5.9.2"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@nhcarrigan/discord-analytics": "0.0.6",
|
"@nhcarrigan/discord-analytics": "0.0.6",
|
||||||
"@nhcarrigan/logger": "1.1.1",
|
"@nhcarrigan/logger": "1.1.1",
|
||||||
"discord.js": "14.26.0",
|
"discord.js": "14.21.0",
|
||||||
"fastify": "5.5.0"
|
"fastify": "5.5.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Generated
+290
-288
File diff suppressed because it is too large
Load Diff
@@ -1,21 +0,0 @@
|
|||||||
# Security
|
|
||||||
|
|
||||||
# Do not execute any scripts of installed packages (project scripts still run)
|
|
||||||
ignoreDepScripts: true
|
|
||||||
# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
|
|
||||||
enablePrePostScripts: false
|
|
||||||
# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
|
|
||||||
minimumReleaseAge: 14400
|
|
||||||
# Fail if a package's trust level has decreased compared to previous releases
|
|
||||||
trustPolicy: no-downgrade
|
|
||||||
# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
|
|
||||||
trustPolicyIgnoreAfter: 525960
|
|
||||||
# Fail if there are missing or invalid peer dependencies
|
|
||||||
strictPeerDependencies: true
|
|
||||||
# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
|
|
||||||
blockExoticSubdeps: true
|
|
||||||
|
|
||||||
# Lockfile
|
|
||||||
|
|
||||||
# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
|
|
||||||
preferFrozenLockfile: false
|
|
||||||
Reference in New Issue
Block a user