chore: add .npmrc with supply chain protection (#243)

- save-exact=true: pin exact versions instead of semver ranges
- min-release-age=7: quarantine newly published packages for 7 days

Ref: axios supply chain attack (axios@1.14.1 / plain-crypto-js@4.2.1)

Co-authored-by: Wheeljack <wheeljack@zavi.family>

Author: zainfathoni

.npmrc

@@ -0,0 +1,6 @@
+# Supply chain protection
+# - save-exact: pin to exact versions instead of semver ranges
+# - min-release-age: quarantine newly published packages for 7 days
+#   (blocks typosquatting & fast-publish supply chain attacks like axios@1.14.1)
+save-exact=true
+min-release-age=7