From fdb000723500f4250e1b7b0eca64dc642a7684cf Mon Sep 17 00:00:00 2001
From: ryoppippi <1560508+ryoppippi@users.noreply.github.com>
Date: Tue, 27 Jan 2026 17:56:00 +0000
Subject: [PATCH 1/3] chore(pnpm): add security settings for supply chain attack prevention
Add strictDepBuilds, blockExoticSubdeps settings to pnpm-workspace.yaml.
These settings protect against supply chain attacks by:
- strictDepBuilds: Blocking lifecycle scripts by default
- blockExoticSubdeps: Blocking non-registry dependencies
The trustPolicy setting was already present but now has proper documentation comments explaining its purpose.
Reference: https://pnpm.io/settings
---
 pnpm-workspace.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 0750d5b..f421301 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -57,6 +57,20 @@ onlyBuiltDependencies:
 shellEmulator: true
+# Security settings (supply chain attack prevention)
+# See: https://pnpm.io/settings
+
+# Blocks lifecycle scripts (postinstall, etc.) from running in dependencies by default
+# Only packages listed in onlyBuiltDependencies can run build scripts
+# Prevents Shai-Hulud-style worm attacks that exploit automatic script execution
+strictDepBuilds: true
+
+# Blocks dependencies from non-registry sources (Git repos, tarball URLs)
+# Prevents PhantomRaven-style attacks that bypass npm scanning
+blockExoticSubdeps: true
+
+# Prevents trust level downgrades between package versions
+# Blocks installations when publisher credentials downgrade from GitHub OIDC to basic auth
 trustPolicy: no-downgrade
 trustPolicyExclude:
From 69e4d425a9f55092175b300f894f0ac721e74ba9 Mon Sep 17 00:00:00 2001
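Review bot: The comment above `blockExoticSubdeps: true` overstates the setting's scope: as its name says, pnpm applies it to subdependencies (transitive packages resolved into the lockfile), so a `git:` or tarball URL declared directly in a workspace package.json is still installed, and the comment should say so, e.g. `# Blocks transitive dependencies from non-registry sources (Git repos, tarball URLs); direct deps in package.json are not covered`. Likewise `strictDepBuilds` does not itself block lifecycle scripts — pnpm 10 already skips dependency scripts unless they are allow-listed; as I read the pnpm settings page, what it adds is that the install fails when a dependency has build scripts that are neither in onlyBuiltDependencies nor ignoredBuiltDependencies, instead of only printing a warning, so the comment should describe that hard-fail behaviour rather than "blocks ... by default". The `trustPolicy` comment's "basic auth" also looks imprecise: the downgrade pnpm refuses is, as far as I can tell, from trusted (OIDC) publishing to token-based publishing. All three keys are only honoured by a pnpm release that knows them, so confirm the pnpm version the repo pins (not visible in this hunk) is recent enough, otherwise the settings are silently inert.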
From: ryoppippi <1560508+ryoppippi@users.noreply.github.com>
Date: Tue, 27 Jan 2026 17:56:06 +0000
Subject: [PATCH 2/3] docs(rules): document pnpm security settings and add nix-workflow symlink
- Add Security Settings section to pnpm-usage.md explaining the three security settings and their purposes
- Add symlink for nix-workflow.md to .cursor/rules for consistency
---
 .claude/rules/pnpm-usage.md | 15 +++++++++++++++
 .cursor/rules/nix-workflow.mdc | 1 +
 2 files changed, 16 insertions(+)
 create mode 120000 .cursor/rules/nix-workflow.mdc
diff --git a/.claude/rules/pnpm-usage.md b/.claude/rules/pnpm-usage.md
index 66a5330..d47208a 100644
--- a/.claude/rules/pnpm-usage.md
+++ b/.claude/rules/pnpm-usage.md
@@ -44,6 +44,21 @@ fish -c ""
 2. **Binary not found**: Use `pnpm dlx` instead of `pnpm exec`
 3. **Permission errors**: Check node_modules permissions
+## Security Settings
+
+The project uses pnpm security settings to protect against supply chain attacks.
+These are configured in `pnpm-workspace.yaml`:
+
+| Setting | Purpose |
+|---------|---------|
+| `strictDepBuilds: true` | Blocks lifecycle scripts (postinstall, etc.) by default. Only packages in `onlyBuiltDependencies` can run build scripts. |
+| `blockExoticSubdeps: true` | Blocks dependencies from non-registry sources (Git repos, tarball URLs). |
+| `trustPolicy: no-downgrade` | Prevents trust level downgrades between versions (e.g., from GitHub OIDC to basic auth). |
+
+If a new dependency requires build scripts, add it to `onlyBuiltDependencies` in `pnpm-workspace.yaml`.
+
+Reference: https://pnpm.io/settings
+
 ## Publishing & Deployment
 When ready to release:
diff --git a/.cursor/rules/nix-workflow.mdc b/.cursor/rules/nix-workflow.mdc
new file mode 120000
index 0000000..cc4b748
--- /dev/null
+++ b/.cursor/rules/nix-workflow.mdc
@@ -0,0 +1 @@
+../../.claude/rules/nix-workflow.md
\ No newline at end of file
From 465095ff000b1cace0541378c55808442efe3e30 Mon Sep 17 00:00:00 2001
From: ryoppippi <1560508+ryoppippi@users.noreply.github.com>
Date: Tue, 27 Jan 2026 17:58:34 +0000
Subject: [PATCH 3/3] chore: format pnpm-usage.md table
---
 .claude/rules/pnpm-usage.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.claude/rules/pnpm-usage.md b/.claude/rules/pnpm-usage.md
index d47208a..10ac362 100644
--- a/.claude/rules/pnpm-usage.md
+++ b/.claude/rules/pnpm-usage.md
@@ -49,11 +49,11 @@ fish -c ""
 The project uses pnpm security settings to protect against supply chain attacks.
 These are configured in `pnpm-workspace.yaml`:
-| Setting | Purpose |
-|---------|---------|
-| `strictDepBuilds: true` | Blocks lifecycle scripts (postinstall, etc.) by default. Only packages in `onlyBuiltDependencies` can run build scripts. |
-| `blockExoticSubdeps: true` | Blocks dependencies from non-registry sources (Git repos, tarball URLs). |
-| `trustPolicy: no-downgrade` | Prevents trust level downgrades between versions (e.g., from GitHub OIDC to basic auth). |
+| Setting | Purpose |
+| --------------------------- | ------------------------------------------------------------------------------------------------------------------------ |
+| `strictDepBuilds: true` | Blocks lifecycle scripts (postinstall, etc.) by default. Only packages in `onlyBuiltDependencies` can run build scripts. |
+| `blockExoticSubdeps: true` | Blocks dependencies from non-registry sources (Git repos, tarball URLs). |
+| `trustPolicy: no-downgrade` | Prevents trust level downgrades between versions (e.g., from GitHub OIDC to basic auth). |
 If a new dependency requires build scripts, add it to `onlyBuiltDependencies` in `pnpm-workspace.yaml`.