From 94fc706b08c67a44a807adf183719b3e2c368e7e Mon Sep 17 00:00:00 2001 From: Test User Date: Thu, 2 Apr 2026 08:08:30 -0400 Subject: [PATCH] chore: add minimum release age to .npmrc Add minimum-release-age=10080 (pnpm, minutes) and min-release-age=7 (npm v11+, days) to enforce a 7-day waiting period before installing newly published packages, reducing supply chain attack risk.
---
 .npmrc | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/.npmrc b/.npmrc
index 61ab5a8..bfddc78 100644
--- a/.npmrc
+++ b/.npmrc
@@ -2,6 +2,11 @@ ignore-scripts=true
 link-workspace-packages=false
 loglevel=error
 prefer-workspace-packages=false
+# Minimum release age - wait 7 days before installing newly published packages
+# pnpm uses minimum-release-age (minutes), npm v11+ uses min-release-age (days)
+minimum-release-age=10080
+min-release-age=7
+
 trust-policy=no-downgrade
 trust-policy-exclude[]=@yarnpkg/core@4.5.0
 trust-policy-exclude[]=@yarnpkg/libzip@3.2.2
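Review bot: The two added keys, `minimum-release-age=10080` and `min-release-age=7`, only protect installs run by a client that recognises them, and nothing in this hunk enforces that. As far as I know, a client that predates the setting reads the file and installs without the age check rather than failing. The second comment line says only `npm v11+` and gives no pnpm version at all, so I would tighten it once the minimums are confirmed, e.g. `# requires pnpm >= <MIN_PNPM_VERSION> / npm >= <MIN_NPM_VERSION>; older clients ignore these keys`. Pinning the package manager (the `packageManager` field or `engines` in package.json, not visible here) would turn the delay into an enforced control. The same 7-day window also holds back urgent security fixes, so a one-line comment on how an exception is granted and reviewed would help whoever next has to ship a patched dependency in a hurry.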