milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Only allow wildcards for scoped packages (@scope/*)

Browse source
This commit is contained in:
Sander Declerck 2026-01-15 15:13:00 +01:00
parent 2d609066c8
commit 20cc62d6e1
No known key found for this signature in database
3 changed files with 4 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -214,16 +214,16 @@ You can set the minimum package age through multiple sources (in order of priori
### Excluding Packages
Exclude trusted packages from minimum age filtering via environment variable or config file (both are merged). Supports wildcard patterns with trailing `*`:
Exclude trusted packages from minimum age filtering via environment variable or config file (both are merged). Use `@scope/*` to trust all packages from an organization:
```shell
export SAFE_CHAIN_NPM_MINIMUM_PACKAGE_AGE_EXCLUSIONS="@aikidosec/*,react-*,lodash"
export SAFE_CHAIN_NPM_MINIMUM_PACKAGE_AGE_EXCLUSIONS="@aikidosec/*"
```
```json
{
"npm": {
"minimumPackageAgeExclusions": ["@aikidosec/*", "react-*", "lodash"]
"minimumPackageAgeExclusions": ["@aikidosec/*"]
}
}
```