@zen-agentchecks…zen/supply-chain-min-release-age-fvvpww → main1 files · +8 −1updated 2mo agoAdds minimum-release-age=10080 (7 days in minutes) to .npmrc to protect against supply chain attacks.
When enforced (pnpm >=10.16, npm >=11), this prevents resolving any package version published less than 7 days ago. Most compromised packages are detected and removed within hours — a 7-day window ensures we never pull a poisoned version.
References:
.npmrc syntax is valid.npmrc keys gracefully — no behavioral change until upgradeOrigin: cron-fcf1f1e3efa9 / zen-cron-4bd55921c208
Codex review: N/A (config-only change, no code)
CI: No workflows triggered for .npmrc-only changes (expected — dashboard CI is Tenant Data Isolation for code changes only)
Review comments: None to address
Ready for merge.
The latest updates on your projects. Learn more about Vercel for GitHub.
| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| dashboard |  Ready | Preview, Comment | Apr 13, 2026 7:15am |