Skip to content

Update .npmrc#14557

Merged
sean-mcmanus merged 2 commits into
mainfrom
seanmcm/upateNpmRc
Jun 30, 2026
Merged

Update .npmrc#14557
sean-mcmanus merged 2 commits into
mainfrom
seanmcm/upateNpmRc

Conversation

@sean-mcmanus

Copy link
Copy Markdown
Contributor

No description provided.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s per-package .npmrc files to strengthen supply-chain hygiene during dependency installation across the Extension, ExtensionPack, Themes, and GitHub Actions helper packages.

Changes:

  • Add min-release-age=7 to enforce a minimum package “cooldown” period before newly published versions can be installed.
  • Enable npm auditing via audit=true and set audit-level=high.
  • Apply the same policy consistently across the affected subprojects’ .npmrc files.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
Themes/.npmrc Adds minimum release age and npm audit settings for the Themes package.
ExtensionPack/.npmrc Adds minimum release age and npm audit settings for the ExtensionPack package.
Extension/.npmrc Adds minimum release age and npm audit settings for the main Extension package.
.github/actions/.npmrc Adds minimum release age and npm audit settings for GitHub Actions dependencies.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Extension/.npmrc
Comment thread ExtensionPack/.npmrc
Comment thread Themes/.npmrc
Comment thread .github/actions/.npmrc
@sean-mcmanus sean-mcmanus merged commit dd1902a into main Jun 30, 2026
6 checks passed
@sean-mcmanus sean-mcmanus deleted the seanmcm/upateNpmRc branch June 30, 2026 23:16
@github-project-automation github-project-automation Bot moved this from Pull Request to Done in cpptools Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

3 participants