chore: replace .npmrc with pnpm-workspace.yaml

Merge pull request 'deps: update typescript to 5.9.3' (#8 ) from dependencies/update-typescript into main
Merge pull request 'deps: update discord.js to 14.25.1' (#3 ) from dependencies/update-discord.js into main
2026-03-02 16:28:39 -08:00 · 2026-02-25 07:03:26 -08:00 · 2026-02-23 20:46:59 -08:00 · 2026-02-23 20:46:58 -08:00 · 2026-02-04 08:40:25 -08:00 · 2026-02-04 08:39:42 -08:00
4 changed files with 299 additions and 300 deletions
@@ -1,25 +0,0 @@
-# Package Manager Configuration
-# Force pnpm usage - breaks npm/yarn intentionally
-node-linker=pnpm
-
-# Security: Disable all lifecycle scripts
-ignore-scripts=true
-enable-pre-post-scripts=false
-
-# Security: Require packages to be 10+ days old before installation
-minimum-release-age=14400
-
-# Security: Verify package integrity hashes
-verify-store-integrity=true
-
-# Security: Enforce strict trust policies
-trust-policy=strict
-
-# Security: Strict peer dependency resolution
-strict-peer-dependencies=true
-
-# Performance: Use symlinks for node_modules
-symlink=true
-
-# Lockfile: Ensure lockfile is not modified during install
-frozen-lockfile=false
@@ -18,14 +18,14 @@
    "@nhcarrigan/eslint-config": "5.2.0",
    "@nhcarrigan/typescript-config": "4.0.0",
    "@types/node": "24.3.0",
-    "eslint": "10.0.0",
+    "eslint": "9.34.0",
    "prisma": "6.15.0",
-    "typescript": "5.9.2"
+    "typescript": "5.9.3"
  },
  "dependencies": {
-    "@nhcarrigan/logger": "1.0.0",
+    "@nhcarrigan/logger": "1.1.1",
    "@prisma/client": "6.15.0",
-    "discord.js": "14.22.1",
+    "discord.js": "14.25.1",
    "fastify": "5.5.0"
  }
 }
@@ -0,0 +1,21 @@
+# Security
+
+# Do not execute any scripts of installed packages (project scripts still run)
+ignoreDepScripts: true
+# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
+enablePrePostScripts: false
+# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
+minimumReleaseAge: 14400
+# Fail if a package's trust level has decreased compared to previous releases
+trustPolicy: no-downgrade
+# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
+trustPolicyIgnoreAfter: 525960
+# Fail if there are missing or invalid peer dependencies
+strictPeerDependencies: true
+# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
+blockExoticSubdeps: true
+
+# Lockfile
+
+# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
+preferFrozenLockfile: false
Author	SHA1	Message	Date
hikari	95cc6d1c44	chore: replace .npmrc with pnpm-workspace.yaml Security Scan and Upload / Security & DefectDojo Upload (push) Failing after 13m57s Details	2026-03-02 16:28:39 -08:00
minori	443b7700c4	Merge pull request 'deps: update typescript to 5.9.3' (#8 ) from dependencies/update-typescript into main Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 2m34s Details	2026-02-25 07:03:26 -08:00
minori	6cd8df9ad3	Merge pull request 'deps: update discord.js to 14.25.1' (#3 ) from dependencies/update-discord.js into main Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m21s Details	2026-02-23 20:46:59 -08:00
minori	564b5cd1d2	Merge pull request 'deps: update @nhcarrigan/logger to 1.1.1' (#1 ) from dependencies/update--nhcarrigan-logger into main Security Scan and Upload / Security & DefectDojo Upload (push) Has been cancelled Details	2026-02-23 20:46:58 -08:00
minori	e4722d864a	deps: update typescript to 5.9.3 Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m37s Details	2026-02-04 08:40:25 -08:00
minori	4288984ff4	deps: update discord.js to 14.25.1 Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m32s Details	2026-02-04 08:39:42 -08:00
minori	6199b4d699	deps: update @nhcarrigan/logger to 1.1.1 Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m26s Details	2026-02-04 08:39:26 -08:00