nhcarrigan/blog
9
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests 8 Actions Releases 1 Activity
Files
30415c5e7e789435cc90eec130698d70ee4c8f01
blog/pnpm-workspace.yaml
Hikari 30415c5e7e
Some checks failed
Node.js CI / CI (push) Failing after 17s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m19s
Details
chore: replace .npmrc with pnpm-workspace.yaml
2026-03-02 16:26:51 -08:00

22 lines
907 B
YAML
Raw Blame History

# Security
# Do not execute any scripts of installed packages (project scripts still run)
ignoreDepScripts: true
# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
enablePrePostScripts: false
# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
minimumReleaseAge: 14400
# Fail if a package's trust level has decreased compared to previous releases
trustPolicy: no-downgrade
# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
trustPolicyIgnoreAfter: 525960
# Fail if there are missing or invalid peer dependencies
strictPeerDependencies: true
# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
blockExoticSubdeps: true
# Lockfile
# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
preferFrozenLockfile: false
Reference in New Issue View Git Blame Copy Permalink