This repository has been configured with npm package security gates to reduce the likelihood of installing compromised packages.
The following .yarnrc.yml files have been added:
- Root: /.yarnrc.yml
- Admin Panel: /frontends/admin-panel/.yarnrc.yml
- Prototypes Functions: /frontends/prototypes/functions/.yarnrc.yml
- Prototypes Admin: /frontends/prototypes/admin/.yarnrc.yml
- Prototype App: /frontends/prototypes/prototype-app/.yarnrc.yml
- Asset Generation: /nodejs/asset-generation/.yarnrc.yml
Each configuration includes:
npmMinimalAgeGate: 4320 # 72 hours in minutes
The projects are currently using Yarn 1.x, which does not support the npmMinimalAgeGate feature. To enable the security gate, projects need to be upgraded to Yarn 2+ (Berry).
To enable the security feature in a project:
- Navigate to the project directory
- Run: corepack enable
- Run: corepack prepare yarn@stable --activate
- The .yarnrc.yml file is already configured and will take effect
After migration, verify the security gate is active:
yarn config get npmMinimalAgeGate
# Should return: 4320
With this configuration, Yarn will reject any npm package that was published less than 72 hours ago, helping to protect against supply chain attacks where malicious packages are quickly published and distributed.
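
The 72-hour rule described above, as an added example (not code from this repository and not Yarn's implementation): it applies the 4320-minute threshold to a constructed sample shaped like the time map in npm registry package metadata. The function name, the sample versions and the inclusive boundary are assumptions.

```javascript
// Added illustration of the age-gate rule; this is not Yarn's implementation.
const GATE_MINUTES = 4320; // value from .yarnrc.yml: 72 hours in minutes

// Constructed sample shaped like the "time" map in npm registry package metadata.
const SAMPLE_TIME = {
  created: "2024-01-10T09:00:00.000Z",
  modified: "2024-06-03T08:15:00.000Z",
  "1.4.0": "2024-03-01T12:00:00.000Z",
  "1.4.1": "2024-05-31T11:59:00.000Z", // 72h01m before SAMPLE_NOW
  "1.4.2": "2024-05-31T12:01:00.000Z", // 71h59m before SAMPLE_NOW
  "1.5.0": "2024-06-03T08:15:00.000Z", // published the same morning
  "2.0.0-rc.1": "not-a-date",          // malformed entry
};
const SAMPLE_NOW = new Date("2024-06-03T12:00:00.000Z");

// Split versions into those old enough to install and those the gate holds back.
// Assumption: a version exactly gateMinutes old counts as old enough.
function classifyVersions(timeMap, now, gateMinutes = GATE_MINUTES) {
  const allowed = [];
  const blocked = [];
  for (const [version, published] of Object.entries(timeMap)) {
    if (version === "created" || version === "modified") continue; // not versions
    const publishedMs = Date.parse(published);
    // Fail closed: an unparseable or future timestamp cannot prove age.
    const ageMinutes = Number.isNaN(publishedMs)
      ? -1
      : (now.getTime() - publishedMs) / 60000;
    if (ageMinutes >= gateMinutes) {
      allowed.push(version);
    } else {
      blocked.push({ version, ageMinutes: Math.floor(ageMinutes) });
    }
  }
  return { allowed, blocked };
}

const result = classifyVersions(SAMPLE_TIME, SAMPLE_NOW);
console.log("allowed:", result.allowed);
console.log("blocked:", result.blocked);
```
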