diff --git a/.github/actions/.npmrc b/.github/actions/.npmrc index fdfca0176..a3422e06d 100644 --- a/.github/actions/.npmrc +++ b/.github/actions/.npmrc @@ -1,3 +1,7 @@ registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_PublicPackages/npm/registry/ # Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust ignore-scripts=true + +min-release-age=7 +audit=true +audit-level=high diff --git a/Extension/.npmrc b/Extension/.npmrc index fdfca0176..a3422e06d 100644 --- a/Extension/.npmrc +++ b/Extension/.npmrc @@ -1,3 +1,7 @@ registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_PublicPackages/npm/registry/ # Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust ignore-scripts=true + +min-release-age=7 +audit=true +audit-level=high diff --git a/ExtensionPack/.npmrc b/ExtensionPack/.npmrc index 0446fca08..000257fdf 100644 --- a/ExtensionPack/.npmrc +++ b/ExtensionPack/.npmrc @@ -2,3 +2,7 @@ registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_Public always-auth=true # Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust ignore-scripts=true + +min-release-age=7 +audit=true +audit-level=high diff --git a/Themes/.npmrc b/Themes/.npmrc index 0446fca08..000257fdf 100644 --- a/Themes/.npmrc +++ b/Themes/.npmrc @@ -2,3 +2,7 @@ registry=https://pkgs.dev.azure.com/azure-public/VisualCpp/_packaging/cpp_Public always-auth=true # Disable postinstall scripts for supply chain security. Allowlist exceptions with npm trust: https://docs.npmjs.com/cli/v11/commands/npm-trust ignore-scripts=true + +min-release-age=7 +audit=true +audit-level=high