chore: adjust pnpm/pip/uv min-release-age

https://cooldowns.dev/
2026-06-11 16:02:43 +02:00 · 2026-06-03 18:12:11 +08:00
parent 92aca13c40
commit 839bd3c330
2 changed files with 15 additions and 3 deletions
@@ -1,9 +1,14 @@
 { config, ... }:
 {
-  # 1. make `npm install -g <pkg>` happey
-  # 2. set min-release-age(in days) for security
+  # make `npm install -g <pkg>` happey
+  # npm - set min-release-age(in days) for supply-chain security
  home.file.".npmrc".text = ''
    prefix=${config.home.homeDirectory}/.npm
    min-release-age=2
  '';
+
+  # npm - set min release age (in minutes) for supply-chain security
+  xdg.configFile."pnpm/config.yaml".text = ''
+    minimumReleaseAge: 2880
+  '';
 }
@@ -1,7 +1,14 @@
 _: {
-  # use mirror for pip install
+  # use pypi mirror
+  # filter packages via upload time for supply-chain security
  xdg.configFile."pip/pip.conf".text = ''
    [global]
    index-url = https://mirrors.bfsu.edu.cn/pypi/web/simple
+
+    [install]
+    uploaded-prior-to = P2D
+  '';
+  xdg.configFile."uv/uv.toml".text = ''
+    exclude-newer = "2 days"
  '';
 }