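# Bun Configuration - Supply Chain Security
# See: https://bun.com/docs/runtime/bunfig

[install]
# Enforce deterministic installs (equivalent to --frozen-lockfile).
# The bunfig key is `frozenLockfile`; a bare `frozen` key is not a documented
# install option, so the lockfile guard would not be applied with it.
# With this set, `bun install` errors when package.json and the committed
# lockfile disagree instead of rewriting the lockfile.
frozenLockfile = true

# Minimum age (in seconds) before a published package version can be installed.
# Blocks newly-published versions to defend against rapid-publish attacks.
# 259200 seconds = 3 days (recommended enterprise setting)
# The same delay applies to urgent security fixes, so plan a reviewed
# exception path for those.
minimumReleaseAge = 259_200

# Disable lifecycle scripts by default (already Bun's default, but explicit).
# This prevents malicious postinstall/preinstall scripts from running.
# Only packages in the trustedDependencies array in package.json can run scripts,
# so that array is the real allowlist and should be reviewed on every change.
# NOTE(review): confirm that `allowScripts` is a key the Bun version in use
# recognizes; if it is not, this line has no effect and the protection comes
# from Bun's default behavior alone.
allowScripts = false

[install.cache]
# Cache directory for faster installs
# Default is ~/.bun/install/cache
# dir = "~/.bun/install/cache"

# Security Scanner API (Bun v1.3+)
# Uncomment to enable Socket.dev security scanning
# NOTE(review): the bunfig reference documents `[install.security]` with a
# `scanner` key naming an installed scanner package. Verify `provider` and
# `apiKey` against the docs before relying on this block.
# TOML itself performs no variable interpolation, so confirm Bun expands
# "${SOCKET_API_KEY}" here, and never commit a literal key to this file.
# [install.security]
# provider = "socket"
# apiKey = "${SOCKET_API_KEY}" # Set SOCKET_API_KEY environment variable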