chore(pnpm): supply-chain hardening (lifecycle allowlist, release-age cooldown, overrides migration)

.github/workflows/build-js.yml

@@ -13,9 +13,8 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 9.0.6
+      # Version is read from the root package.json "packageManager" field.
+      - uses: pnpm/action-setup@v4
       - uses: actions/setup-node@v4
         with:
           node-version-file: '.node-version'

.github/workflows/publish-npm-package.yml

@@ -29,9 +29,8 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 9.15.4
+      # Version is read from the root package.json "packageManager" field.
+      - uses: pnpm/action-setup@v4
       - uses: actions/setup-node@v4
         with:
           node-version-file: ".node-version"

package.json

@@ -1,6 +1,7 @@
 {
   "name": "OpenUI",
   "version": "1.0.0",
+  "packageManager": "pnpm@11.9.0",
   "engines": {
     "node": "24.18.0"
   },
@@ -47,17 +48,5 @@
   },
   "bugs": {
     "url": "https://github.com/thesysdev/openui/issues"
-  },
-  "pnpm": {
-    "overrides": {
-      "langsmith@<0.6.0": "^0.6.0",
-      "ip-address@<10.1.1": ">=10.1.1",
-      "postcss@<8.5.10": ">=8.5.10",
-      "qs@<6.15.2": ">=6.15.2",
-      "uuid@<11.1.1": "^11.1.1",
-      "cookie@<0.7.0": ">=0.7.0",
-      "prismjs@<1.30.0": ">=1.30.0",
-      "@ai-sdk/provider-utils@<=3.0.97": "^4.0.27"
-    }
   }
 }

pnpm-workspace.yaml

@@ -4,6 +4,46 @@ packages:
   - "docs/"
   - "!**/src/templates/**"
 
+# --- Supply-chain hardening (pnpm 11+) ---
+# Lifecycle (preinstall/install/postinstall) scripts are blocked by default in
+# pnpm 11. Every dependency that has a build script must be explicitly decided
+# here (true = allowed to run, false = blocked). Anything not listed is blocked
+# AND re-prompts on install, so we list all of them. Keep `true` minimal and
+# limited to dependencies that genuinely need a native/binary build.
+allowBuilds:
+  # Native/binary builds we actually need:
+  "@parcel/watcher": true # native file-watcher (nitropack/vite)
+  esbuild: true # fetches the platform binary
+  sharp: true # native libvips image processing
+  unrs-resolver: true # native module-resolution binding
+  # Intentionally blocked (telemetry / cosmetic / unnecessary):
+  "@google/genai": false # preinstall notice only
+  "@scarf/scarf": false # analytics/telemetry beacon
+  core-js: false # postinstall console ad
+  protobufjs: false # not needed at install time
+
+# Cooldown: refuse to install package versions published less than this many
+# minutes ago. Defends against freshly-published compromised releases
+# (e.g. self-propagating npm worms) by giving the ecosystem time to react.
+# 1440 = 24h. Raise for stronger protection at the cost of update latency.
+minimumReleaseAge: 1440
+
+# Make sure node_modules matches the lockfile before running any script, so
+# scripts never execute against a stale or tampered-with dependency tree.
+verifyDepsBeforeRun: install
+
+# Security overrides for known-vulnerable transitive dependencies (CVE pins).
+# pnpm 11 reads overrides from here, NOT from the package.json "pnpm" field.
+overrides:
+  "langsmith@<0.6.0": "^0.6.0"
+  "ip-address@<10.1.1": ">=10.1.1"
+  "postcss@<8.5.10": ">=8.5.10"
+  "qs@<6.15.2": ">=6.15.2"
+  "uuid@<11.1.1": "^11.1.1"
+  "cookie@<0.7.0": ">=0.7.0"
+  "prismjs@<1.30.0": ">=1.30.0"
+  "@ai-sdk/provider-utils@<=3.0.97": "^4.0.27"
+
 # Centralized dependency versions shared across packages.
 # Reference these from a package.json with the "catalog:" protocol.
 catalog: