Skip to content

chore: supply-chain hardening#44

Open
erik1o6 wants to merge 4 commits into
mainfrom
chore/repo-hardening-2026-05-12
Open

chore: supply-chain hardening#44
erik1o6 wants to merge 4 commits into
mainfrom
chore/repo-hardening-2026-05-12

Conversation

@erik1o6

@erik1o6 erik1o6 commented May 11, 2026

Copy link
Copy Markdown

Library hardening: release-age gate in pnpm-workspace.yaml, packageManager pinned (pnpm@9.15.0), .nvmrc, audit/engine-strict/fund. Runtime deps left ranged per library convention.

@erik1o6
chore: supply-chain hardening
1fef34d 
- .npmrc: audit-level=high, engine-strict=true, fund=false (no save-exact — published library)
- pnpm-workspace.yaml: minimumReleaseAge=10080 (7-day release-age gate)
- .nvmrc (20)
- packageManager: pnpm@9.15.0 (root had none; engines.node>=18 already)
- dependabot 7-day cooldown for npm root + packages/euler-v2-sdk

Library: runtime deps left ranged per convention.
VSBDev and others added 3 commits May 14, 2026 20:23
@VSBDev
chore: disable persisted checkout credentials
6518317
@VSBDev
fix: use pinned package manager in workflows
1dcda33
@erik1o6
chore: bump pnpm pin to 11.1.2
4581736 
Advance the existing hardening branch to pnpm 11.1.2 for package-manager pinning and lockfile compatibility where applicable.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@VSBDev VSBDev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@erik1o6 @VSBDev