From c010a0e22370b5012354de30a332e0262e3e51f7 Mon Sep 17 00:00:00 2001
From: jonathanprozzi <jonathanprozzi@gmail.com>
Date: Tue, 31 Mar 2026 12:08:18 -0400
Subject: [PATCH 1/2] chore: add minimumReleaseAge to defend against supply
 chain attacks

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .npmrc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 000000000..e595aad2e
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+minimum-release-age=10080

From 9bf6b0241dfeb695d6a7864a087f24087b649b27 Mon Sep 17 00:00:00 2001
From: jonathanprozzi <jonathanprozzi@gmail.com>
Date: Tue, 31 Mar 2026 12:19:31 -0400
Subject: [PATCH 2/2] chore: use pnpm-workspace.yaml for minimumReleaseAge
 instead of .npmrc

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .npmrc              | 1 -
 pnpm-workspace.yaml | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)
 delete mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
deleted file mode 100644
index e595aad2e..000000000
--- a/.npmrc
+++ /dev/null
@@ -1 +0,0 @@
-minimum-release-age=10080
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index b008235c1..40ff820ce 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -3,3 +3,5 @@ packages:
   - 'apps/*'
   # all packages in subdirs of packages/ and components/
   - 'packages/*'
+
+minimumReleaseAge: 10080