From 1bcd6b5b221a4d26cedeb4438eba40742d18f7b3 Mon Sep 17 00:00:00 2001 From: Hiroshi Muraoka Date: Wed, 20 May 2026 18:01:00 +0900 Subject: [PATCH 1/3] chore: add .npmrc#min-release-age cooldown (#116122) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit milo audit で npm-only project が cooldown 未設定として検出されたため、 `.npmrc#min-release-age=7` (7 days) を追加する。 npm v11.10+ で effective。 Refs: knowledge-work/knowledgework#116122 Co-Authored-By: Claude Opus 4.7 (1M context) --- .npmrc | 1 + 1 file changed, 1 insertion(+) create mode 100644 .npmrc diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..7253a5c --- /dev/null +++ b/.npmrc @@ -0,0 +1 @@ +min-release-age=7 From ae6e6b69c7fdbf0d461135a2800a3d67f3600442 Mon Sep 17 00:00:00 2001 From: Hiroshi Muraoka Date: Wed, 20 May 2026 23:29:46 +0900 Subject: [PATCH 2/3] chore: deny lifecycle scripts via .npmrc (#116124) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit milo policy MUST: 全 JS / TS repo に .npmrc#ignore-scripts=true。 cross-PM (npm 経路 等) で lifecycle script を一律 block する kill switch を 追加し、 save-exact=true も併設する。 Refs: knowledge-work/knowledgework#116124 Co-Authored-By: Claude Opus 4.7 (1M context) --- .npmrc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.npmrc b/.npmrc index 7253a5c..bb679a0 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,3 @@ min-release-age=7 +ignore-scripts=true +save-exact=true From d7087a6c61ab7992f82fad8bdc3260912b877e74 Mon Sep 17 00:00:00 2001 From: Hiroshi Muraoka Date: Thu, 21 May 2026 16:02:54 +0900 Subject: [PATCH 3/3] chore: pin node via mise MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit cooldown (npm v11.10+ min-release-age) を有効化するため node を mise.toml で固定。 node 24 系は npm 11.x をバンドルしているため min-release-age を そのまま使える。 --- mise.lock | 10 ++++++++++ mise.toml | 2 ++ 2 files changed, 12 insertions(+) create mode 100644 mise.lock create mode 100644 mise.toml diff --git a/mise.lock b/mise.lock new file mode 100644 index 0000000..c15e586 --- /dev/null +++ b/mise.lock @@ -0,0 +1,10 @@ +[[tools.node]] +version = "24.15.0" +backend = "core:node" +"platforms.linux-arm64" = { checksum = "sha256:73afc234d558c24919875f51c2d1ea002a2ada4ea6f83601a383869fefa64eed", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-arm64.tar.gz"} +"platforms.linux-arm64-musl" = { checksum = "sha256:73afc234d558c24919875f51c2d1ea002a2ada4ea6f83601a383869fefa64eed", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-arm64.tar.gz"} +"platforms.linux-x64" = { checksum = "sha256:44836872d9aec49f1e6b52a9a922872db9a2b02d235a616a5681b6a85fec8d89", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-x64.tar.gz"} +"platforms.linux-x64-musl" = { checksum = "sha256:44836872d9aec49f1e6b52a9a922872db9a2b02d235a616a5681b6a85fec8d89", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-x64.tar.gz"} +"platforms.macos-arm64" = { checksum = "sha256:372331b969779ab5d15b949884fc6eaf88d5afe87bde8ba881d6400b9100ffc4", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-darwin-arm64.tar.gz"} +"platforms.macos-x64" = { checksum = "sha256:ffd5ee293467927f3ee731a553eb88fd1f48cf74eebc2d74a6babe4af228673b", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-darwin-x64.tar.gz"} +"platforms.windows-x64" = { checksum = "sha256:cc5149eabd53779ce1e7bdc5401643622d0c7e6800ade18928a767e940bb0e62", url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-win-x64.zip"} diff --git a/mise.toml b/mise.toml new file mode 100644 index 0000000..4581550 --- /dev/null +++ b/mise.toml @@ -0,0 +1,2 @@ +[tools] +node = "24.15.0"