From 7ec39b26a035e5e5f5c27aafe7ddfff3044e2887 Mon Sep 17 00:00:00 2001
From: jdalton
Date: Thu, 2 Apr 2026 08:08:41 -0400
Subject: [PATCH] chore: add minimum release age to .npmrc

Add minimum-release-age=10080 (pnpm, minutes) and min-release-age=7 (npm v11+, days) to enforce a 7-day waiting period before installing newly published packages, reducing supply chain attack risk.
---
 .npmrc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.npmrc b/.npmrc
index eebd9cd..e0eb723 100644
--- a/.npmrc
+++ b/.npmrc
@@ -6,5 +6,10 @@ link-workspace-packages=false
 loglevel=error
 prefer-workspace-packages=false
 
+# Minimum release age - wait 7 days before installing newly published packages
+# pnpm uses minimum-release-age (minutes), npm v11+ uses min-release-age (days)
+minimum-release-age=10080
+min-release-age=7
+
 # Trust policy - prevent downgrade attacks
 trust-policy=no-downgrade
\ No newline at end of file
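Review bot: Nothing in the added `.npmrc` block makes the delay fail closed. As far as I know, a pnpm or npm client older than the release that introduced `minimum-release-age` / `min-release-age` does not apply the key (at most it warns about an unknown setting) and installs a just-published version as before. I would state that next to the keys, e.g. `# Enforced only by clients that support these keys - pin the package manager version in CI and dev setups`, and pin that version wherever the repository declares it, which is not visible in this patch. The same 7-day window also holds back freshly published security fixes, so the comment should say how an urgent patch is let through; pnpm has `minimumReleaseAgeExclude` for per-package exceptions.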