Merge pull request #109 from d-zero-dev/fix/supply-chain-security

fix(repo): add supply chain attack mitigations

Author: YusukeHirao

.github/renovate.json

@@ -12,6 +12,12 @@
 		"enabled": true,
 		"automerge": true
 	},
+	"minimumReleaseAge": "7 days",
+	"internalChecksFilter": "strict",
+	"osvVulnerabilityAlerts": true,
+	"vulnerabilityAlerts": {
+		"minimumReleaseAge": null
+	},
 	"autoApprove": true,
 	"labels": ["Dependencies", "Renovate"],
 	"packageRules": [

.yarnrc.yml

@@ -1,3 +1,6 @@
 nodeLinker: node-modules
 npmRegistryServer: 'https://registry.npmjs.org'
 enableGlobalCache: true
+enableScripts: false
+npmMinimalAgeGate: 7d
+defaultSemverRangePrefix: ''

package.json

@@ -19,7 +19,7 @@
 		"release:alpha:latest": "lerna publish --exact --force-publish --conventional-commits --conventional-prerelease --preid alpha",
 		"release:beta:latest": "lerna publish --exact --force-publish --conventional-commits --conventional-prerelease --preid beta",
 		"release:next": "lerna publish --dist-tag next --exact --force-publish --conventional-commits --conventional-prerelease --preid alpha",
-		"prepare": "husky",
+		"postinstall": "husky",
 		"commit": "npx cz",
 		"co": "npx cz",
 		"update": "yarn upgrade-interactive"