Security: minimum release age (7 days)
Apply a seven-day maturity window so installs only resolve package versions that have been published long enough for ecosystem signals and takedowns to surface. Each tool uses different units and files—copy the snippets below literally for a 7-day policy.
| Tool | File | Setting | 7-day value |
|---|---|---|---|
| npm | `.npmrc` (project or user) | `min-release-age` | days → `7` |
| pnpm | `pnpm-workspace.yaml` | `minimumReleaseAge` | minutes → `10080` |
| Bun | `bunfig.toml` under `[install]` | `minimumReleaseAge` | seconds → `604800` |
| uv | `pyproject.toml` `[tool.uv]` or `uv.toml` | `exclude-newer` | duration → `"7 days"` (or `"1 week"`, `P7D`) |
Constants: 7 days = 10080 minutes = 604800 seconds.
npm
Add to .npmrc (commit at repo root for team alignment, or set per-user for global behavior):