chore: replace .npmrc with pnpm-workspace.yaml

.npmrc

@@ -1,25 +0,0 @@
-# Package Manager Configuration
-# Force pnpm usage - breaks npm/yarn intentionally
-node-linker=pnpm
-
-# Security: Disable all lifecycle scripts
-ignore-scripts=true
-enable-pre-post-scripts=false
-
-# Security: Require packages to be 10+ days old before installation
-minimum-release-age=14400
-
-# Security: Verify package integrity hashes
-verify-store-integrity=true
-
-# Security: Enforce strict trust policies
-trust-policy=strict
-
-# Security: Strict peer dependency resolution
-strict-peer-dependencies=true
-
-# Performance: Use symlinks for node_modules
-symlink=true
-
-# Lockfile: Ensure lockfile is not modified during install
-frozen-lockfile=false

package.json

@@ -31,7 +31,7 @@
     "@nhcarrigan/prettier-config": "1.0.1",
     "@nhcarrigan/typescript-config": "1.0.1",
     "eslint": "8.57.0",
-    "prettier": "3.8.1",
+    "prettier": "2.8.8",
     "typescript": "5.4.5"
   },
   "dependencies": {

pnpm-lock.yaml

@@ -29,10 +29,10 @@ importers:
     devDependencies:
       '@nhcarrigan/eslint-config':
         specifier: 1.1.3
-        version: 1.1.3(eslint@8.57.0)(prettier@3.8.1)(typescript@5.4.5)
+        version: 1.1.3(eslint@8.57.0)(prettier@2.8.8)(typescript@5.4.5)
       '@nhcarrigan/prettier-config':
         specifier: 1.0.1
-        version: 1.0.1(prettier@3.8.1)
+        version: 1.0.1(prettier@2.8.8)
       '@nhcarrigan/typescript-config':
         specifier: 1.0.1
         version: 1.0.1(typescript@5.4.5)
@@ -40,8 +40,8 @@ importers:
         specifier: 8.57.0
         version: 8.57.0
       prettier:
-        specifier: 3.8.1
+        specifier: 2.8.8
-        version: 3.8.1
+        version: 2.8.8
       typescript:
         specifier: 5.4.5
         version: 5.4.5
@@ -1049,9 +1049,9 @@ packages:
     resolution: {integrity: sha512-GbK2cP9nraSSUF9N2XwUwqfzlAFlMNYYl+ShE/V+H8a9uNl/oUqB1w2EL54Jh0OlyRSd8RfWYJ3coVS4TROP2w==}
     engines: {node: '>=6.0.0'}
 
-  prettier@3.8.1:
+  prettier@2.8.8:
-    resolution: {integrity: sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==}
+    resolution: {integrity: sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==}
-    engines: {node: '>=14'}
+    engines: {node: '>=10.13.0'}
     hasBin: true
 
   process-warning@4.0.0:
@@ -1468,7 +1468,7 @@ snapshots:
 
   '@humanwhocodes/object-schema@2.0.2': {}
 
-  '@nhcarrigan/eslint-config@1.1.3(eslint@8.57.0)(prettier@3.8.1)(typescript@5.4.5)':
+  '@nhcarrigan/eslint-config@1.1.3(eslint@8.57.0)(prettier@2.8.8)(typescript@5.4.5)':
     dependencies:
       '@typescript-eslint/eslint-plugin': 5.59.5(@typescript-eslint/parser@5.59.5(eslint@8.57.0)(typescript@5.4.5))(eslint@8.57.0)(typescript@5.4.5)
       '@typescript-eslint/parser': 5.59.5(eslint@8.57.0)(typescript@5.4.5)
@@ -1477,7 +1477,7 @@ snapshots:
       eslint-plugin-import: 2.27.5(@typescript-eslint/parser@5.59.5(eslint@8.57.0)(typescript@5.4.5))(eslint@8.57.0)
       eslint-plugin-jsdoc: 41.1.2(eslint@8.57.0)
       eslint-plugin-no-only-tests: 3.1.0
-      eslint-plugin-prettier: 4.2.1(eslint-config-prettier@8.8.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.8.1)
+      eslint-plugin-prettier: 4.2.1(eslint-config-prettier@8.8.0(eslint@8.57.0))(eslint@8.57.0)(prettier@2.8.8)
     transitivePeerDependencies:
       - eslint-import-resolver-typescript
       - eslint-import-resolver-webpack
@@ -1485,9 +1485,9 @@ snapshots:
       - supports-color
       - typescript
 
-  '@nhcarrigan/prettier-config@1.0.1(prettier@3.8.1)':
+  '@nhcarrigan/prettier-config@1.0.1(prettier@2.8.8)':
     dependencies:
-      prettier: 3.8.1
+      prettier: 2.8.8
 
   '@nhcarrigan/typescript-config@1.0.1(typescript@5.4.5)':
     dependencies:
@@ -1980,10 +1980,10 @@ snapshots:
 
   eslint-plugin-no-only-tests@3.1.0: {}
 
-  eslint-plugin-prettier@4.2.1(eslint-config-prettier@8.8.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.8.1):
+  eslint-plugin-prettier@4.2.1(eslint-config-prettier@8.8.0(eslint@8.57.0))(eslint@8.57.0)(prettier@2.8.8):
     dependencies:
       eslint: 8.57.0
-      prettier: 3.8.1
+      prettier: 2.8.8
       prettier-linter-helpers: 1.0.0
     optionalDependencies:
       eslint-config-prettier: 8.8.0(eslint@8.57.0)
@@ -2530,7 +2530,7 @@ snapshots:
     dependencies:
       fast-diff: 1.3.0
 
-  prettier@3.8.1: {}
+  prettier@2.8.8: {}
 
   process-warning@4.0.0: {}
 

pnpm-workspace.yaml

@@ -0,0 +1,21 @@
+# Security
+
+# Do not execute any scripts of installed packages (project scripts still run)
+ignoreDepScripts: true
+# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
+enablePrePostScripts: false
+# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
+minimumReleaseAge: 14400
+# Fail if a package's trust level has decreased compared to previous releases
+trustPolicy: no-downgrade
+# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
+trustPolicyIgnoreAfter: 525960
+# Fail if there are missing or invalid peer dependencies
+strictPeerDependencies: true
+# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
+blockExoticSubdeps: true
+
+# Lockfile
+
+# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
+preferFrozenLockfile: false