]> Piment Noir Git Repositories - poolifier.git/commitdiff
repositories / poolifier.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d4fc8c)
ci(renovate): enforce 3-day minimum release age for npm packages
authorJérôme Benoit <jerome.benoit@piment-noir.org>
Tue, 26 May 2026 17:47:40 +0000 (19:47 +0200)
committerJérôme Benoit <jerome.benoit@piment-noir.org>
Tue, 26 May 2026 17:47:40 +0000 (19:47 +0200)
Extend the Renovate config with the official 'security:minimumReleaseAgeNpm'
preset so that Renovate waits 3 days after publication before creating PRs
for any npm/pnpm dependency. This adds a buffer against unpublished or
freshly-broken releases (e.g. malicious packages, npm unpublish window,
transient registry/lockfile resolution issues).

renovate.json patch | blob | blame | history

diff --git a/renovate.json b/renovate.json
index 8346acb3c1c23f1d9df4ab6a41a96ba3aff5501b..4dd0f25572edd0d7073eded95441956eb2b7e9e9 100644 (file)
--- a/renovate.json
+++ b/renovate.json
@@ -6,7 +6,8 @@
     ":configMigration",
     "group:allNonMajor",
     "schedule:daily",
-    ":maintainLockFilesWeekly"
+    ":maintainLockFilesWeekly",
+    "security:minimumReleaseAgeNpm"
   ],
   "packageRules": [
     {
Fast and small Node.js thread pool implementation mirror - https://github.com/poolifier/poolifier