Merge pull request #55 from BlythT/patch-3

shdwmtr · web-flow · commit 8eee6de1be90 · 2026-03-31T23:34:01.000-03:00
Security: Add pnpm minimumReleaseAge to mitigate NPM supply chain attack vulnerability
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
@@ -4,3 +4,4 @@ onlyBuiltDependencies:
   - esbuild
   - protobufjs
   - re2
+minimumReleaseAge: 1440 # Protect against supply chain attacks by requiring dependencies to be 24h old before installation.
