Commit 06ecc78

coreymartin and claude authored and committed
[js] Enable npmMinimalAgeGate for supply chain security (#25688)
## Summary

- Upgrade Yarn 4.5.0 → 4.13.0 (feature introduced in 4.10.0)
- Enable `npmMinimalAgeGate: 720` (12 hours) to block resolution of recently-published npm packages, mitigating typosquatting, account takeover, and dependency confusion attacks
- Preapprove `@lightsparkdev/*` packages via `npmPreapprovedPackages` so internal workspace dependencies are unaffected

Mirrors lightsparkdev/spark#5955 for the webdev JS monorepo.

## Test plan

- [x] `yarn config get npmMinimalAgeGate` returns `720`
- [x] `yarn config get npmPreapprovedPackages` returns `["@lightsparkdev/*"]`
- [x] `yarn install` succeeds with all current lockfile packages (all >12h old)
- [x] `yarn --version` returns `4.13.0`
- [x] Pre-commit hooks pass (install + format)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GitOrigin-RevId: ab033a03d7899b8c962e396f9e175b3f08f2fded
1 parent 0f03835 commit 06ecc78

4 files changed

Lines changed: 947 additions & 927 deletions

.yarn/releases/yarn-4.13.0.cjs

Lines changed: 940 additions & 0 deletions
Large diffs are not rendered by default.

.yarn/releases/yarn-4.5.0.cjs

Lines changed: 0 additions & 925 deletions
This file was deleted.

.yarnrc.yml

Lines changed: 6 additions & 1 deletion
@@ -4,4 +4,9 @@ enableGlobalCache: false
44

55
nodeLinker: node-modules
66

7-
yarnPath: .yarn/releases/yarn-4.5.0.cjs
7+
npmMinimalAgeGate: 720
8+
9+
npmPreapprovedPackages:
10+
- "@lightsparkdev/*"
11+
12+
yarnPath: .yarn/releases/yarn-4.13.0.cjs
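
Review bot: The `- "@lightsparkdev/*"` entry under `npmPreapprovedPackages` exempts every package in that scope from the age gate, so a freshly published release under the scope is resolved with no delay, which is the account-takeover case the commit message names. If only some of these packages are pulled from the registry, list them by name instead of the wildcard, or add a comment in the file explaining why the whole scope is trusted. A short comment on `npmMinimalAgeGate: 720` stating the unit would also help, since the 12-hour figure appears only in the commit message.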

package.json

Lines changed: 1 addition & 1 deletion
@@ -71,5 +71,5 @@
7171
"engines": {
7272
"node": ">=18"
7373
},
74-
"packageManager": "yarn@4.5.0"
74+
"packageManager": "yarn@4.13.0"
7575
}
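
Review bot: `"packageManager": "yarn@4.13.0"` pins the version by name only, and the matching `.yarn/releases/yarn-4.13.0.cjs` is not rendered in this diff, so nothing visible here ties the checked-in binary to the official 4.13.0 release. Consider appending the integrity suffix Corepack accepts (`yarn@4.13.0+sha512.<hash>`, with the hash left as a placeholder here) or recording the release checksum in the PR so the 940-line addition can be verified independently.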
