chore(deps): update dependencies and package management

jdalton · jdalton · commit 43b6423a2204 · 2025-11-18T22:41:16.000-08:00
- Update @socketsecurity/lib from 3.1.3 to 4.2.0
- Upgrade pnpm to 10.22.0 with engine requirement &gt;=10.22.0
- Update vitest to 4.0.3 for consistency
- Add trust policy to .npmrc to prevent downgrade attacks
- Normalize package.json property order and packageManager fields
- Update pnpm-lock.yaml to match package.json
diff --git a/.npmrc b/.npmrc
@@ -2,6 +2,9 @@
 ignore-scripts=true
 
 # Suppress pnpm workspace warnings
-link-workspace-packages=true
+link-workspace-packages=false
 loglevel=error
-prefer-workspace-packages=true
+prefer-workspace-packages=false
+
+# Trust policy - prevent downgrade attacks
+trust-policy=no-downgrade
diff --git a/package.json b/package.json
@@ -1,6 +1,7 @@
 {
   "name": "@socketregistry/packageurl-js",
   "version": "1.3.5",
+  "packageManager": "pnpm@10.22.0",
   "license": "MIT",
   "description": "Socket.dev optimized package override for packageurl-js",
   "keywords": [
@@ -27,36 +28,44 @@
     },
     "./package.json": "./package.json"
   },
+  "files": [
+    "dist/**/*",
+    "data/**/*.json",
+    "CHANGELOG.md"
+  ],
+  "engines": {
+    "node": ">=18",
+    "pnpm": ">=10.22.0"
+  },
   "sideEffects": false,
   "scripts": {
-    "build": "node scripts/load.cjs build",
-    "bump": "node scripts/load.cjs bump",
-    "check": "node scripts/load.cjs check",
-    "clean": "node scripts/load.cjs clean",
-    "cover": "node scripts/load.cjs cover",
-    "fix": "node scripts/load.cjs fix",
-    "lint": "node scripts/load.cjs lint",
+    "build": "node scripts/build.mjs",
+    "bump": "node scripts/bump.mjs",
+    "check": "node scripts/check.mjs",
+    "clean": "node scripts/clean.mjs",
+    "cover": "node scripts/cover.mjs",
+    "fix": "node scripts/fix.mjs",
+    "lint": "node scripts/lint.mjs",
     "precommit": "pnpm run check --lint --staged",
     "prepare": "husky",
     "prepublishOnly": "echo 'ERROR: Use GitHub Actions workflow for publishing' && exit 1",
-    "publish": "node scripts/load.cjs publish",
-    "claude": "node scripts/load.cjs claude",
-    "test": "node scripts/load.cjs test",
+    "publish": "node scripts/publish.mjs",
+    "claude": "node scripts/claude.mjs",
+    "test": "node scripts/test.mjs",
     "type": "tsgo --noEmit -p .config/tsconfig.check.json",
-    "update": "node scripts/load.cjs update",
-    "update:data:npm": "node scripts/load.cjs update-data-npm"
+    "update": "node scripts/update.mjs",
+    "update:data:npm": "node scripts/update-data-npm.mjs"
   },
   "devDependencies": {
     "@babel/parser": "^7.28.5",
     "@biomejs/biome": "2.2.4",
-    "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",
     "@eslint/js": "9.35.0",
-    "@socketsecurity/lib": "3.1.2",
-    "@socketsecurity/registry": "1.5.3",
+    "@socketsecurity/lib": "4.2.0",
+    "@socketsecurity/registry": "2.0.2",
     "@types/node": "24.9.2",
     "@typescript/native-preview": "7.0.0-dev.20250926.1",
-    "@vitest/coverage-v8": "3.2.4",
+    "@vitest/coverage-v8": "4.0.3",
     "all-the-package-names": "2.0.0",
     "all-the-package-names-v1.3905.0": "npm:all-the-package-names@1.3905.0",
     "del": "8.0.1",
@@ -71,26 +80,16 @@
     "globals": "16.4.0",
     "husky": "9.1.7",
     "magic-string": "^0.30.21",
-    "npm-run-all2": "8.0.4",
     "pacote": "21.0.1",
     "semver": "7.7.2",
     "taze": "19.6.0",
     "type-coverage": "2.29.7",
     "typescript": "5.9.2",
     "typescript-eslint": "8.44.1",
     "validate-npm-package-name": "6.0.2",
-    "vitest": "3.2.4",
+    "vitest": "4.0.3",
     "yoctocolors-cjs": "2.1.3"
   },
-  "engines": {
-    "node": ">=18",
-    "pnpm": ">=10.16.0"
-  },
-  "files": [
-    "dist/**/*",
-    "data/**/*.json",
-    "CHANGELOG.md"
-  ],
   "pnpm": {
     "ignoredBuiltDependencies": [
       "esbuild",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
