Skip to content

chore: gate package install with minimumReleaseAge#65

Draft
tapih wants to merge 2 commits into
masterfrom
claude/cooldown-minimumReleaseAge
Draft

chore: gate package install with minimumReleaseAge#65
tapih wants to merge 2 commits into
masterfrom
claude/cooldown-minimumReleaseAge

Conversation

@tapih
Copy link
Copy Markdown

@tapih tapih commented May 20, 2026

Summary

What

Renovate config に minimumReleaseAge: "7 days" を追加し、 新規 publish 直後の package を 7 日間取り込まないようにする。

Why

knowledge-work/knowledgework #116122 のサプライチェーン対策 (検疫期間設定)。 milo audit (renovate.tsv) で cooldown 未設定として検出された 10 repo のうちの一つ。

References

  • knowledge-work/knowledgework#116122

@tapih @claude
chore: gate package install with minimumReleaseAge (#116122)
3bd79b5 
milo audit で cooldown 未設定として検出されたため、 Renovate config に `minimumReleaseAge: "7 days"` を追加する。

Refs: knowledge-work/knowledgework#116122

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@tapih tapih self-assigned this May 20, 2026
@tapih @claude
chore: deny lifecycle scripts via .npmrc (#116124)
9e0b8eb 
milo policy MUST: 全 JS / TS repo に .npmrc#ignore-scripts=true。
cross-PM (npm 経路 等) で lifecycle script を一律 block する kill switch を
追加し、 save-exact=true も併設する。

Refs: knowledge-work/knowledgework#116124

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tapih tapih

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tapih