JavaScript hardening overview
General settings
- Scope: project, global
- Tools: npm, yarn-classic, yarn-berry, pnpm, bun-install
- Prettify: amount of newlines between config options
- Comments: add titles, add docs URL
Minimum release age
- In days. Example value (3 days): 3d
- In minutes. Example value (3 days): 4320
Block install scripts
- Set to true to disable postinstall scripts
- pnpm ignores install scripts by default. This checkbox enables strict mode, which makes pnpm exit when it finds unforeseen scripts
Block git repo/tarball sources for indirect dependencies
- When set to true, only direct dependencies may use exotic sources
Don't install newer versions if security measures decreased
- Options: no-downgrade, off
- When set to no-downgrade, package installation will fail if a package's trust level has decreased
Limit plug & play to listed dependencies
- Options: Disable hoisting, Strict plug'n'play
- By default, semi-strict node_modules are used in pnpm
Anti-lockfile poisoning
- Set to true to enable hardened mode: Yarn will query the remote registries to validate that the lockfile content matches the remote information
Output