# Workspace member packages, as paths relative to this file.
packages:
  - 'packages/nocodb-sdk'
  - 'packages/nocodb-sdk-v2'
  - 'packages/nc-gui'
  - 'packages/nc-mail-templates'
  - 'packages/nocodb'

  - 'packages/nc-secret-mgr'

# Supply chain security settings (pnpm 10.16+)
# NOTE(review): 10.16 is the floor for minimumReleaseAge; trustPolicy and
# blockExoticSubdeps appear to have landed in later 10.x releases. Confirm
# that the pnpm version used in CI and by developers supports every setting
# here, since an older pnpm may not enforce the ones it does not know.

# Quarantine newly published versions for 7 days before allowing install.
# The value is in minutes: 10080 = 7 * 24 * 60.
# Blocks fast-acting attacks (Axios 1.14.1 was live ~3h, Shai-Hulud ~12h).
# The delay only helps when a bad release is detected and pulled inside the
# window; it does not replace lockfile review.
# Use minimumReleaseAgeExclude to bypass for emergency security patches.
# Keep that list limited to the specific packages needed and remove each
# entry once the patched version has aged past the window.
minimumReleaseAge: 10080

# Detect when a package loses its provenance guarantees (e.g. previously
# published via CI, now published from a local machine, which signals
# account compromise).
# While the line below stays commented out this check is NOT enforced.
# NOTE: Re-enable once oxc-* packages restore provenance attestations.
# NOTE(review): newer pnpm releases document trustPolicyExclude for exempting
# individual packages; if the pinned pnpm has it, that would keep the check
# on for everything except oxc-* (verify before relying on it).
# trustPolicy: no-downgrade

# Prevent transitive dependencies from pulling code via git+ssh, https
# tarballs, or other non-registry protocols. Only direct dependencies may
# use exotic sources.
blockExoticSubdeps: true