---
created: 2026-06-01 12:45
modified: 2026-06-01 12:45
type: note
tags:
- ai
- tools
- ai-resume
- security
aliases: []
---
# [[Security NPM packages tools]]

## Check video
source_url: https://www.youtube.com/watch?v=Wq6yMdt11LM

## Set minimum release age
**NPM:**
- file setting: min-release-age=7 (days)
- project ./.npmrc
- global ~/.npmrc
**PNPM:**
- minimumReleaseAge: 1000 (minutes)
- project ./pnpm-workspace.yaml
- global ~/.config/pnpm/config.yaml
**BUN:**
- minimumReleaseAge = 604800 (seconds)
- project ./bunfig.toml
- global $HOME/.bunfig.toml
- global $XDG_CONFIG_HOME/.bunfig.toml

## Disable install scripts
- ignore-scripts=true
- block curated / trusted lists of packages.

## Block git-based dependencies
**NPM**
- allow-git=none
- allow-git=root
**PNPM**
- blockExoticSubdeps: true
- trustPolicy: no-downgrade

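The settings from the three sections above, checked in one pass. This is an added example (not from the video and not any package manager's own code) that reads config file text and reports which of the note's keys are missing or do not meet the note's values. The `parseFlat` and `audit` helpers and the sample files are hypothetical, and the note's values are assumed to be minimums.

```javascript
// Added example. Thresholds are the values written in this note, used as minimums (assumption).
const CHECKS = [ // [file, key, predicate on the raw string value]
  ['.npmrc', 'min-release-age', v => Number(v) >= 7],                     // days
  ['.npmrc', 'ignore-scripts', v => v === 'true'],
  ['.npmrc', 'allow-git', v => v === 'none' || v === 'root'],
  ['pnpm-workspace.yaml', 'minimumReleaseAge', v => Number(v) >= 1000],   // minutes
  ['pnpm-workspace.yaml', 'blockExoticSubdeps', v => v === 'true'],
  ['pnpm-workspace.yaml', 'trustPolicy', v => v === 'no-downgrade'],
  ['bunfig.toml', 'install.minimumReleaseAge', v => Number(v) >= 604800], // seconds
];

// Minimal line parser (hypothetical helper): `key=value` for .npmrc, top-level
// `key: value` for YAML, `[section]` + `key = value` for TOML. Not a full parser.
function parseFlat(file, text) {
  const sep = file.endsWith('.yaml') ? ':' : '=';
  const out = {}; let section = '';
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)[#;].*$/, '');      // drop # and ; comments
    if (sep === ':' && /^\s/.test(line)) continue;      // ignore nested YAML entries
    const head = line.trim().match(/^\[([^\]]+)\]$/);
    if (head && sep === '=') { section = head[1] + '.'; continue; }
    const i = line.indexOf(sep);
    if (i < 0) continue;
    const key = line.slice(0, i).trim();
    const value = line.slice(i + 1).trim().replace(/^["']|["']$/g, '');
    if (key) out[section + key] = value;
  }
  return out;
}

// files: { fileName: fileContent }. Returns one finding per failed check.
function audit(files) {
  const findings = [];
  for (const [file, key, ok] of CHECKS) {
    if (!(file in files)) continue;                     // audit only supplied files
    const value = parseFlat(file, files[file])[key];
    if (value === undefined) findings.push(`${file}: ${key} is not set`);
    else if (!ok(value)) findings.push(`${file}: ${key}=${value} does not meet the note's value`);
  }
  return findings;
}

// Constructed sample inputs, not taken from a real project.
const SAMPLE = {
  '.npmrc': 'min-release-age=7\nignore-scripts=false\n',
  'pnpm-workspace.yaml': 'packages:\n  - "apps/*"\nminimumReleaseAge: 1440\nblockExoticSubdeps: true\ntrustPolicy: no-downgrade\n',
  'bunfig.toml': '[install]\nminimumReleaseAge = 86400 # 1 day\n',
};
console.log(audit(SAMPLE).join('\n'));
```
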
## Scan dependencies
Ensure you use aliases so that these are used before we install.
**Socket Firewall**

**npq**
source_url: https://github.com/lirantal/npq