Upgrade to Yarn v4.10.3 and enable npmMinimalAgeGate for supply chain protection #1184

Closed
Ariiellus wants to merge 7 commits into scaffold-eth:main from Ariiellus:main
@Ariiellus
Description

Following discussion in #1183 to increase security measures in the development workflow. This PR upgrades the current yarn v3.2.3 version to the latest v4.10.3 to enable npmMinimalAgeGate.

npmMinimalAgeGate improves supply chain security by introducing a delay before newly published npm packages can be installed, providing researchers time to identify and report malicious releases.

Additional Information

Related Issues

Closes #1183

Your ENS/address:
Ariiellus.eth
0x6d465d2081b799770d0ce7e755d8db1665903ffb
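
The delay described in the PR description above, sketched as an added example (not code from this PR or from Yarn): it filters a package's versions by publish time, using the `time` map that the npm registry returns in package metadata. The function names, the sample data and the threshold expressed in minutes are assumptions made for illustration.

```javascript
// Added illustration of an age gate; not Yarn's implementation.
// Constructed sample of the `time` map from an npm registry packument.
const SAMPLE_TIME = {
  created: "2024-01-01T00:00:00.000Z",
  modified: "2025-09-16T09:00:00.000Z",
  "1.0.0": "2024-01-01T00:00:00.000Z",
  "1.1.0": "2025-09-10T12:00:00.000Z",
  "1.2.0": "2025-09-16T08:30:00.000Z", // published 3.5 hours before NOW
  "1.3.0": "not-a-date",               // malformed timestamp
};

// Compare plain x.y.z versions numerically (prerelease tags not handled).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Split versions into those old enough to install and those held back.
// Unparseable or future publish times fail closed: the version is held back.
function applyAgeGate(timeMap, minAgeMinutes, now) {
  const allowed = [];
  const held = [];
  for (const [version, stamp] of Object.entries(timeMap)) {
    if (version === "created" || version === "modified") continue;
    const published = Date.parse(stamp);
    const ageMinutes = (now.getTime() - published) / 60000;
    // Comparisons with NaN are false, so invalid dates land in `held`.
    if (ageMinutes >= minAgeMinutes) allowed.push(version);
    else held.push(version);
  }
  allowed.sort(compareVersions);
  held.sort(compareVersions);
  return { allowed, held, newestAllowed: allowed[allowed.length - 1] ?? null };
}

const NOW = new Date("2025-09-16T12:00:00.000Z"); // fixed clock for the example
const result = applyAgeGate(SAMPLE_TIME, 24 * 60, NOW); // hypothetical 24-hour gate
console.log(result);
```

With a 24-hour gate the resolver in this sketch would settle on 1.1.0 and hold back 1.2.0 until it has aged past the threshold.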

@technophile-04
Collaborator

Hey @Ariiellus, thanks for the PR! Can you tell us the steps you followed to migrate to v4?

I think we just need to do:

yarn set version berry
yarn install

And yarn automatically migrates / updates the file. Asking this because I tried running the above command and it removed the plugs which we have configured and updated the yarn.lock file as well. Can you please push those changes as well?

@technophile-04
Collaborator

Closing this as of #1211
