Expand file tree Collapse file tree 1 file changed +32
-0
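--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -0,0 +1,32 @@
+# Security settings for pnpm/npm
+# Enforces supply chain security best practices
+
+# Enforce official registry (prevent typosquatting via alternate registries)
+registry = https://registry.npmjs.org/
+
+# Require lock file to be up-to-date (fail if package.json doesn't match lock)
+prefer-frozen-lockfile = true
+
+# Strict SSL validation
+strict-ssl = true
+
+# Fail on missing or invalid peer dependencies
+strict-peer-dependencies = true
+
+# Pin exact versions when adding new dependencies
+save-exact = true
+
+# Audit level - fail on high/critical vulnerabilities
+audit-level = high
+
+# Disable lifecycle scripts (preinstall, postinstall, etc.) to prevent arbitrary code execution
+ignore-scripts = true
+
+# Verify integrity of packages in the store before linking to node_modules
+verify-store-integrity = true
+
+# Validate that the correct package manager is being used
+package-manager-strict = true
+
+# Delay installation of packages published less than 7 days ago
+minimum-release-age = 10080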
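Review bot: The comment above `prefer-frozen-lockfile = true` promises a fail-closed install, but in pnpm that key only chooses a headless install when pnpm-lock.yaml already satisfies package.json and otherwise falls back to a normal resolving install that rewrites the lockfile; the setting that aborts on a mismatch is `frozen-lockfile = true`, so either switch the key or reword the comment to `# Prefer headless install when pnpm-lock.yaml matches (frozen-lockfile = true is what fails on mismatch)`. In the same way `audit-level = high` only sets the exit-code threshold of the audit command and does not block an install, so `# Audit level - fail on high/critical vulnerabilities` overstates what it enforces. `minimum-release-age` is expressed in minutes, and stating that next to the value, `# minutes: 10080 = 7 days`, keeps a later reader from "correcting" it to 7. Several keys here (`verify-store-integrity`, `package-manager-strict`, `minimum-release-age`) appear to be pnpm-only, so npm would likely warn about them as unknown project config despite the `pnpm/npm` header; naming the intended tool in the header comment would make that expectation explicit.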