From 5eb9c2f1248d618d905154e26a804a9ae4ca6039 Mon Sep 17 00:00:00 2001
From: Naomi Carrigan <accounts@nhcarrigan.com>
Date: Mon, 22 Dec 2025 19:15:58 +0100
Subject: [PATCH] feat: automated upload of .npmrc

---
 .npmrc | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/.npmrc b/.npmrc
index b7425b9..6bf91e2 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,25 @@
-enable-pre-post-scripts=true
\ No newline at end of file
+# Package Manager Configuration
+# Force pnpm usage - breaks npm/yarn intentionally
+node-linker=pnpm
+
+# Security: Disable all lifecycle scripts
+ignore-scripts=true
+enable-pre-post-scripts=false
+
+# Security: Require packages to be 10+ days old before installation
+minimum-release-age=14400
+
+# Security: Verify package integrity hashes
+verify-store-integrity=true
+
+# Security: Enforce strict trust policies
+trust-policy=strict
+
+# Security: Strict peer dependency resolution
+strict-peer-dependencies=true
+
+# Performance: Use symlinks for node_modules
+symlink=true
+
+# Lockfile: Ensure lockfile is not modified during install
+frozen-lockfile=false
\ No newline at end of file