milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 8ac7c722b8 into 9453c8c0c9

Browse source
This commit is contained in:
Ethan Setnik 2026-05-21 17:05:02 -04:00 committed by GitHub
commit b68ca0eea9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 906 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

13
README.md
View file

@ -241,9 +241,20 @@ You can set the minimum package age through multiple sources (in order of priori
}
```
4. **pnpm workspace config** (only when invoked as the `pnpm` or `pnpx` shim):
Safe Chain reads `minimumReleaseAge` (in minutes — see [pnpm settings](https://pnpm.io/settings#minimumreleaseage)) from the nearest `pnpm-workspace.yaml`, falling back to a `pnpm` field in `package.json`. Any of the higher-priority sources above override it.
```yaml
# pnpm-workspace.yaml
minimumReleaseAge: 1440 # 24 hours
minimumReleaseAgeExclude:
- "@aikidosec/*"
```
### Excluding Packages
Exclude trusted packages from minimum age filtering via environment variable or config file (both are merged). Use `@scope/*` to trust all packages from an organization:
Exclude trusted packages from minimum age filtering via environment variable or config file (both are merged). When invoked as `pnpm`/`pnpx`, `minimumReleaseAgeExclude` from `pnpm-workspace.yaml` is also merged in. Use `@scope/*` to trust all packages from an organization:
```shell
export SAFE_CHAIN_MINIMUM_PACKAGE_AGE_EXCLUSIONS="@aikidosec/*"