feat(home/js): deploy ~/.npmrc and ~/.bunfig.toml everywhere
New metacfg.cli-apps.js module (enabled by default) pins minimum release ages for npm and bun across all home configurations, so the mitigation against newly published malicious packages applies uniformly rather than living as untracked dotfiles on one machine.
This commit is contained in:
Harald Hoyer
parent
38d2d4f4ae
commit
b5ae777a4a
3 changed files with 26 additions and 0 deletions
2
config/js/bunfig.toml
Normal file
2
config/js/bunfig.toml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[install]
|
||||
minimumReleaseAge = 604800
|
||||
3
config/js/npmrc
Normal file
3
config/js/npmrc
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
min-release-age=7
|
||||
minimum-release-age=10080
|
||||
save-exact=true
|
||||
21
modules/home/cli-apps/js/default.nix
Normal file
21
modules/home/cli-apps/js/default.nix
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
inherit (lib.metacfg) mkBoolOpt;
|
||||
|
||||
cfg = config.metacfg.cli-apps.js;
|
||||
in
|
||||
{
|
||||
options.metacfg.cli-apps.js = {
|
||||
enable = mkBoolOpt true "Enable npm and bun config.";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home.file.".npmrc".source = ../../../../config/js/npmrc;
|
||||
home.file.".bunfig.toml".source = ../../../../config/js/bunfig.toml;
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue