From 3e22243ff24e08301223b33d55e365d2f81cc307 Mon Sep 17 00:00:00 2001
From: naor-saadia
Date: Thu, 9 Apr 2026 17:39:45 +0300
Subject: [PATCH 1/2] RID-8707: Add min-release-age=7d to protect against supply chain attacks

Set npm min-release-age=7d in CI workflows to prevent installing package versions published less than 7 days ago.

Made-with: Cursor
---
 .github/workflows/ci.yml | 3 +++
 .github/workflows/release.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 94ed13a..31d70b3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,6 +29,9 @@ jobs:
 - name: Prepare Yarn 3.4.1
 run: corepack prepare yarn@3.4.1 --activate

+ - name: Set min-release-age
+ run: echo "min-release-age=7d" >> .npmrc
+
 - name: Install package dependencies
 run: |
 cd package
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5b15d22..cae4823 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,6 +32,9 @@ jobs:
 - name: Prepare Yarn 3.4.1
 run: corepack prepare yarn@3.4.1 --activate

+ - name: Set min-release-age
+ run: echo "min-release-age=7d" >> .npmrc
+
 - name: Install package dependencies
 run: |
 cd package

From afe23d2ae5b17d629bb589d7e4bb30bc7ebf5ec5 Mon Sep 17 00:00:00 2001
From: naor-saadia
Date: Thu, 9 Apr 2026 17:40:49 +0300
Subject: [PATCH 2/2] RID-8707: Add .npmrc with min-release-age=7d for local dev protection

Made-with: Cursor
---
 .npmrc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..fee0cf1
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+min-release-age=7d
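Review bot: The `Set min-release-age` step in `.github/workflows/ci.yml` writes an npm setting to `.npmrc`, but the step just above it activates Yarn 3.4.1, and Yarn 2+ takes its configuration from `.yarnrc.yml` rather than from npm's config keys. If the install step (its `run:` block continues outside the hunk) calls `yarn install`, the 7-day gate is never enforced while the job still passes, which gives false assurance. The identical hunk in `.github/workflows/release.yml` has the same gap, and there a freshly published dependency would end up in a released artifact. The file is also appended in the workspace root while the install does `cd package`, so even an npm-based install may not read it if `package/` is its own project root. I would move the gate to the tool that actually resolves dependencies (newer Yarn 4 releases have `npmMinimalAgeGate`, to be confirmed for the version you can adopt) and until then mark the step with `# NOTE: only honoured by npm; Yarn 3 does not read min-release-age from .npmrc`.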
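Review bot: The value `7d` in the new `.npmrc` may not be accepted: as far as I know npm documents `min-release-age` as a plain number of days, so the expected form would be `min-release-age=7`, and the key only exists in recent npm releases, so older clients will not enforce it. It is worth confirming with `npm config get min-release-age` on the npm version developers and CI actually run. With this file committed, the `echo "min-release-age=7d" >> .npmrc` steps from patch 1/2 append a second copy of the same key in CI and can be dropped. A comment in the file such as `; supply-chain guard: skip versions published less than 7 days ago (needs an npm that supports min-release-age)` would explain to developers why installing a very new version fails.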