generated from nhcarrigan/template
Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 minori
|
d4e0cee8fe | ||
 hikari
|
ddc6e0246f | ||
|
minori
|
251c9e89f6 | ||
|
minori
|
521a2766e8 | ||
|
minori
|
04d62bfb09 | ||
|
minori
|
e3c451c378 | ||
|
minori
|
e5fa62cca6 | ||
|
minori
|
9c230b9215 | ||
|
minori
|
3f65e5e076 | ||
|
minori
|
e1deb444c9 | ||
|
minori
|
fe84b4ff3c | ||
|
minori
|
47a80e30ad | ||
|
minori
|
57ceb12fae | ||
|
minori
|
2f8b0ece13 |
@@ -1,25 +0,0 @@
|
|||||||
# Package Manager Configuration
|
|
||||||
# Force pnpm usage - breaks npm/yarn intentionally
|
|
||||||
node-linker=pnpm
|
|
||||||
|
|
||||||
# Security: Disable all lifecycle scripts
|
|
||||||
ignore-scripts=true
|
|
||||||
enable-pre-post-scripts=false
|
|
||||||
|
|
||||||
# Security: Require packages to be 10+ days old before installation
|
|
||||||
minimum-release-age=14400
|
|
||||||
|
|
||||||
# Security: Verify package integrity hashes
|
|
||||||
verify-store-integrity=true
|
|
||||||
|
|
||||||
# Security: Enforce strict trust policies
|
|
||||||
trust-policy=strict
|
|
||||||
|
|
||||||
# Security: Strict peer dependency resolution
|
|
||||||
strict-peer-dependencies=true
|
|
||||||
|
|
||||||
# Performance: Use symlinks for node_modules
|
|
||||||
symlink=true
|
|
||||||
|
|
||||||
# Lockfile: Ensure lockfile is not modified during install
|
|
||||||
frozen-lockfile=false
|
|
||||||
+1
-1
@@ -18,7 +18,7 @@
|
|||||||
"@nhcarrigan/eslint-config": "5.2.0",
|
"@nhcarrigan/eslint-config": "5.2.0",
|
||||||
"eslint": "9.26.0",
|
"eslint": "9.26.0",
|
||||||
"prisma": "6.7.0",
|
"prisma": "6.7.0",
|
||||||
"turbo": "2.5.3"
|
"turbo": "2.8.11"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@prisma/client": "6.7.0"
|
"@prisma/client": "6.7.0"
|
||||||
|
|||||||
Generated
+69
-7072
File diff suppressed because it is too large
Load Diff
+21
-4
@@ -1,4 +1,21 @@
|
|||||||
packages:
|
# Security
|
||||||
- "client"
|
|
||||||
- "server"
|
# Do not execute any scripts of installed packages (project scripts still run)
|
||||||
- "packages/types"
|
ignoreDepScripts: true
|
||||||
|
# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
|
||||||
|
enablePrePostScripts: false
|
||||||
|
# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
|
||||||
|
minimumReleaseAge: 14400
|
||||||
|
# Fail if a package's trust level has decreased compared to previous releases
|
||||||
|
trustPolicy: no-downgrade
|
||||||
|
# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
|
||||||
|
trustPolicyIgnoreAfter: 525960
|
||||||
|
# Fail if there are missing or invalid peer dependencies
|
||||||
|
strictPeerDependencies: true
|
||||||
|
# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
|
||||||
|
blockExoticSubdeps: true
|
||||||
|
|
||||||
|
# Lockfile
|
||||||
|
|
||||||
|
# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
|
||||||
|
preferFrozenLockfile: false
|
||||||
|
|||||||
Reference in New Issue
Block a user