Bump NPM version and configure it to be more secure against supply chain attacks #1694
base: develop
Changes from all commits: 2bbfcfa, d4d3a86, 8b40f6c, 79245ae, 84d1325, 06b351a
```diff
@@ -0,0 +1,16 @@
+# --- Security ---
+# Run only minimal lifecycle scripts; block arbitrary install scripts from deps
+ignore-scripts=true
+# Fail install if a package has a known advisory at/above this level
+audit-level=low
+# Always verify package integrity against the lockfile
+package-lock=true
+# Dependency cooldown: only install versions published more than N days ago
+# (requires npm >= 11.10.0; silently ignored on older npm)
+min-release-age=30
+
+# --- Reproducibility / supply chain ---
+# Pin exact versions (no ^ or ~) so installs are deterministic
+save-exact=true
+# Enforce the Node/npm range declared in package.json "engines"
+engine-strict=true
```
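Review bot: the comment above `audit-level=low` overstates what that setting does: `audit-level` only controls the exit code of `npm audit`, and `npm install` does not fail because of an advisory, so the install-time gate this comment promises needs an explicit `npm audit --audit-level=low` step in CI. Likewise `package-lock=true` only makes npm read and write a lockfile; enforcing that the installed tree matches the lockfile's integrity hashes is what `npm ci` does, not this flag, so the comment "Always verify package integrity against the lockfile" should be reworded. Two further points on the same hunk: `ignore-scripts=true` also suppresses this project's own `prepare` and `pre`/`post` hooks, not just dependency install scripts, so any build step that relied on them must now be invoked explicitly; and `engine-strict=true` makes installs fail unless package.json declares an `engines` field, which is the issue the Bugbot comment on this commit raises.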
Cursor Bugbot, reviewing commit 06b351a: Engine strict without engines (Medium Severity). This commit enables
```diff
@@ -1 +1 @@
-v18
+v26
```
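Review bot: bumping the Node version file from v18 to v26 in the same PR that turns on `engine-strict=true` means `npm install` will refuse to run unless package.json's `engines.node` range admits v26; confirm that the `engines` field and any CI Node version setting are updated alongside this change, and call out the Node major bump in the PR description, since contributors still on v18 will hit a hard install failure rather than a warning.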