Merge pull request opentripplanner#7488 from entur/fix/harden-npm

leonardehrenfried · web-flow · commit 6e55fbd406e4 · 2026-03-31T15:16:48.000Z
Improve npm package repository security
diff --git a/client/.npmrc b/client/.npmrc
@@ -1 +1,5 @@
-save-exact=true
+save-exact=true
+prefer-offline=false
+ignore-scripts=true
+min-release-age=7
+allow-git=none
diff --git a/client/package.json b/client/package.json
@@ -4,19 +4,15 @@
   "version": "0.0.0",
   "type": "module",
   "scripts": {
-    "dev": "vite",
-    "build": "tsc && vite build",
+    "dev": "npm run codegen && vite",
+    "build": "npm run codegen && npm run lint && npm run check-format && tsc && vite build",
     "test": "vitest --root src/",
     "coverage": "vitest run --root src/ --coverage",
     "lint": "eslint . --report-unused-disable-directives --max-warnings 0",
     "check-format": "prettier --check \"**/*.{js,jsx,ts,tsx,json,css,scss,md}\"",
     "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,css,scss,md}\"",
     "preview": "vite preview",
-    "prebuild": "npm run codegen && npm run lint && npm run check-format",
-    "predev": "npm run codegen",
-    "codegen-preprocess": "graphql-codegen --config codegen-preprocess.ts",
-    "precodegen": "npm run codegen-preprocess",
-    "codegen": "graphql-codegen --config codegen.ts"
+    "codegen": "graphql-codegen --config codegen-preprocess.ts && graphql-codegen --config codegen.ts"
   },
   "dependencies": {
     "@googlemaps/polyline-codec": "1.0.28",
diff --git a/renovate.json5 b/renovate.json5
@@ -33,12 +33,14 @@
       "matchUpdateTypes": ["patch", "minor"],
       "groupName": "Debug UI dependencies (non-major)",
       "schedule": ["after 6pm on the 17th day of the month"],
+      "minimumReleaseAge": "4 days",
       "reviewers": ["testower"],
       "postUpdateOptions": ["npmInstallTwice"]
     },
     {
       "matchFiles": ["client/package.json"],
       "matchUpdateTypes": ["major"],
+      "minimumReleaseAge": "4 days",
       "reviewers": ["testower"],
       "postUpdateOptions": ["npmInstallTwice"]
     },
@@ -116,6 +118,7 @@
     {
       "groupName": "GTFS API code generation",
       "matchFiles": ["application/src/main/java/org/opentripplanner/apis/gtfs/generated/package.json"],
+      "minimumReleaseAge": "4 days",
       "reviewers": ["optionsome", "leonardehrenfried"],
       "schedule": "on the 11th through 12th day of the month"
     },
