From 6550eb172b286e060ceccebfa45811a5ad76b14b Mon Sep 17 00:00:00 2001
From: Liran Tal <liran.tal@gmail.com>
Date: Wed, 13 May 2026 21:44:05 +0300
Subject: [PATCH] build: use secure npm package manager config

---
 .npmrc | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..60e76a4
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1,11 @@
+# npm security best practices
+# Source: https://github.com/lirantal/npm-security-best-practices
+
+# Do not run any lifecycle hook scripts such as postinstall for packages
+ignore-scripts=true
+
+# Do not allow Git / GitHub related sources for packages
+allow-git=none
+
+# Require at least 30 days since package release
+min-release-age=30