
feat(ACQ-6393): increase pnpm security settings for @airtasker/react-backbone-connect #28

Draft
justinnais wants to merge 1 commit into master from feat/ACQ-6393-pnpm-security-settings


@justinnais
Contributor

Summary

Apply supply chain security configuration to pnpm-workspace.yaml per the JavaScript Package Manager Configuration guide.

  • Add strictDepBuilds: true — installation fails if any unlisted package attempts to run a lifecycle script
  • Add blockExoticSubdeps: true — blocks transitive dependencies from non-registry sources
  • Normalise minimumReleaseAgeExclude to inline string format

allowBuilds entries to be populated separately.

Closes ACQ-6393

…backbone-connect

Apply supply chain security configuration per JS Package Manager guide:
- strictDepBuilds: fail if unlisted packages attempt to run scripts
- blockExoticSubdeps: block non-registry dependency sources
- normalise minimumReleaseAgeExclude to inline string format

Note: allowBuilds entries to be populated separately.

Reference: https://airtasker.atlassian.net/wiki/spaces/ENG/pages/4767645728/JavaScript+Package+Manager+Configuration

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@justinnais justinnais self-assigned this Mar 2, 2026
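
An added example, not part of the PR or the repository: a small Node.js check that a CI job could run over the text of pnpm-workspace.yaml to confirm the two settings named in the summary stay enabled and to report when allowBuilds is still empty. The function names, the line-based YAML reading and the sample file contents are assumptions made for illustration.

```javascript
// Added example: names and sample inputs are hypothetical, not from the PR.
const REQUIRED_TRUE = ["strictDepBuilds", "blockExoticSubdeps"];

// Reads top-level `key: value` lines and counts indented entries under each key.
// Assumption: block-style YAML with the settings at column 0 (no anchors or tags).
function topLevelKeys(yamlText) {
  const keys = new Map();
  let current = null;
  for (const raw of yamlText.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s+)#.*$/, ""); // drop comments
    if (!line.trim()) continue;
    const m = /^([A-Za-z_][\w-]*):\s*(.*)$/.exec(line);
    if (m) {
      current = { value: m[2].trim(), children: 0 };
      keys.set(m[1], current);
    } else if (current && /^\s+\S/.test(line)) {
      current.children += 1; // list item or map entry nested under the key
    }
  }
  return keys;
}

// Returns a list of findings; an empty list means the hardening is in place.
function auditPnpmWorkspace(yamlText) {
  const keys = topLevelKeys(yamlText);
  const findings = [];
  for (const name of REQUIRED_TRUE) {
    const entry = keys.get(name);
    if (!entry) findings.push(`${name}: missing`);
    else if (entry.value !== "true") findings.push(`${name}: expected true, got "${entry.value}"`);
  }
  // With strictDepBuilds on, an empty allow-list means every package that
  // tries to run a lifecycle script is unlisted and fails the install.
  const allow = keys.get("allowBuilds");
  const empty = !allow || (allow.children === 0 && ["", "{}"].includes(allow.value));
  if (keys.get("strictDepBuilds")?.value === "true" && empty) {
    findings.push("allowBuilds: no entries yet");
  }
  return findings;
}

// Constructed sample files (not the repository's actual pnpm-workspace.yaml).
const BEFORE = 'packages:\n  - "."\n';
const PR_STATE = BEFORE + "strictDepBuilds: true  # fail on unlisted scripts\nblockExoticSubdeps: true\n";
const POPULATED = PR_STATE + "allowBuilds:\n  esbuild: true\n";

console.log(auditPnpmWorkspace(BEFORE));
console.log(auditPnpmWorkspace(PR_STATE));
console.log(auditPnpmWorkspace(POPULATED));
```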