Add npm package age verification system

Problem: Need to ensure all npm packages are at least 2 weeks old before use Solution: - Created check-package-age.js script to verify package publish dates - Added .npmrc to enforce exact version installation - Created pin-old-versions.sh helper script - Documented complete workflow in NPM-PACKAGE-AGE-POLICY.md Usage: node scripts/check-package-age.js # Verify all packages ≥ 2 weeks old npm ci # Install exact versions from lock file 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-17 08:43:38 -05:00
parent e08ab62a32
commit 4a270dbfe3
4 changed files with 374 additions and 0 deletions
--- a/scripts/pin-old-versions.sh
+++ b/scripts/pin-old-versions.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Pin npm packages to versions that are at least 2 weeks old
+# This script helps ensure compliance with package age requirements
+
+set -e
+
+echo "========================================="
+echo "Pin NPM Packages to Old Versions"
+echo "========================================="
+echo ""
+
+cd frontend
+
+echo "Step 1: Checking current package ages..."
+node ../scripts/check-package-age.js || {
+  echo ""
+  echo "Some packages are too new. Recommendations:"
+  echo "1. Manually downgrade packages in package.json to older versions"
+  echo "2. Run: npm install --package-lock-only to update lock file"
+  echo "3. Re-run this script to verify"
+  exit 1
+}
+
+echo ""
+echo "Step 2: Ensuring package-lock.json uses exact versions..."
+if [ -f "package-lock.json" ]; then
+  echo "✓ package-lock.json exists"
+else
+  echo "⚠ package-lock.json does not exist. Creating it..."
+  npm install --package-lock-only
+fi
+
+echo ""
+echo "========================================="
+echo "✓ All packages meet the 2-week age requirement"
+echo "========================================="
+echo ""
+echo "To install these packages:"
+echo "  npm ci  # Uses exact versions from package-lock.json"
+echo ""