Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .npmrc

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add more configs, such as trust level.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

trustPolicy: no-downgrade
minimumReleaseAge: 2880 # 2d
minimumReleaseAgeStrict: true
blockExoticSubdeps: true

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't those pnpm flags?

Also why the fuck did npm change the units for minimumReleaseAge? The internet tried to get me to use 1440 days and I had to force push a change.

@H4ad H4ad Jun 9, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

O.o, I swear we were already using pnpm here, I did so many migrations that I only thought this was a feature only for pnpm 😆

Looks like the npm does not have trust factor or block exotic subdeps :/

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If nodejs has a dumpster fire, it's not express, it's npm.

npm warn Unknown project config "minimumReleaseAge". This will stop working in the next major version of npm.

On node 24. wtaf

[Ben_Affleck_Smoking.gif]

Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
minimumReleaseAge=2
Loading