---
created: 2026-06-01 12:45
modified: 2026-06-01 12:45
type: note
tags:
  - ai
  - tools
  - ai-resume
  - security
aliases: []
---

# [[Security NPM packages tools]]

## Check video

source_url: https://www.youtube.com/watch?v=Wq6yMdt11LM

## Set minimum release age

**NPM:**
- file min-release-age=7 days
- project ./.npmrc
- global ~/.npmrc

**PNPM:**
- minimumReleaseAge: 1000 minutes
- project ./pnpm-workspace.yaml
- global ~/.config/pnpm/config.yaml

**BUN:**
- minimumReleaseAge=604800 seconds
- project ./bunfig.toml
- global $HOME/.bunfig.toml
- global $XDG_CONFIG_HOME/.bunfig.toml

## Disable install scripts

- ignore-scripts=true
- block curated / trusted lists of packages.

## Block git-based dependencies

**NPM**
- allow-git=none
- allow-git=root

**PNPM**
- blockExoticSubdeps: true
- trustPolicy: no-downgrade

## Scan dependencies

Ensure you use aliases so that these are used before we install.

**Socket Firewall**

**npq**

source_url: https://github.com/lirantal/npq
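
A pre-install check for the npm settings listed in this note (min-release-age, ignore-scripts, allow-git), as an added example that is not from the note or the video. The function names `npmrc_get` and `audit_npmrc`, the 7-day default threshold and the sample files are assumptions, and min-release-age is assumed to hold a plain number of days.

```shell
#!/bin/sh
# Added example: audit an .npmrc for the hardening settings in this note.

# npmrc_get FILE KEY -> prints the last value set for KEY (empty if unset)
npmrc_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }              # skip # and ; comment lines
        {
            i = index($0, "=")
            if (i == 0) next                # not a key=value line
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim spaces around key
            gsub(/^[ \t]+|[ \t]+$/, "", v)  # trim spaces around value
            if (k == key) val = v           # last assignment wins
        }
        END { print val }
    ' "$1"
}

# audit_npmrc FILE [MIN_DAYS] -> one finding per line; no output means pass
audit_npmrc() {
    file=$1; min_days=${2:-7}
    [ -f "$file" ] || { echo "missing: $file"; return 0; }

    age=$(npmrc_get "$file" min-release-age)
    case $age in
        ''|*[!0-9]*) echo "min-release-age: not set to a number of days" ;;
        *) [ "$age" -ge "$min_days" ] ||
               echo "min-release-age: $age is below $min_days days" ;;
    esac

    [ "$(npmrc_get "$file" ignore-scripts)" = "true" ] ||
        echo "ignore-scripts: not true"

    case $(npmrc_get "$file" allow-git) in
        none|root) ;;                       # both values appear in the note
        *) echo "allow-git: not none or root" ;;
    esac
}

# Constructed samples: a weak project .npmrc and a hardened one.
demo=$(mktemp -d)
printf '%s\n' '; constructed sample' 'min-release-age=2' \
    'ignore-scripts=false' > "$demo/weak.npmrc"
printf '%s\n' 'min-release-age=7' 'ignore-scripts=true' \
    'allow-git=none' > "$demo/hardened.npmrc"
audit_npmrc "$demo/weak.npmrc"       # prints three findings
audit_npmrc "$demo/hardened.npmrc"   # prints nothing
```

Point it at ./.npmrc and ~/.npmrc before installing; any output is a setting to fix.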