Three-Day Dependency Cooling as a Supply-Chain Bandaid
Maps to joelclaw agent workstation hardening: package-manager age gates should be a repeatable local setup step before agents install dependencies.
Some security fixes are boring enough to actually use. This tiny page is a copy button for an agent prompt that hardens local JavaScript package installs by adding a three-day cooling period across npm, pnpm, Bun, and Yarn.
The clever bit is that it packages local supply-chain attack defense as an operator task, not a hand-wavy wiki page. The prompt tells the agent to detect package managers from lockfiles, preserve existing config and auth tokens, verify current docs before writing, exempt workspace scopes, update fnm npm configs, and report weird dependency specs before changing them.
This is a minimum bandaid, exactly matching Joel’s Slack note. It doesn’t solve the whole package ecosystem mess, but it reduces the dumbest local blast radius: brand-new compromised releases and exotic transitive dependency references sneaking through while an agent is busy installing shit.
For joelclaw, this belongs in machine bootstrap/hardening. If agents are going to edit repos and install packages, the local installer defaults should be less trusting by default.
Key Ideas
- A three-day package cooling period makes fresh malicious releases less likely to hit local installs immediately across npm, pnpm, Bun, and Yarn.
- pnpm has a separate
blockExoticSubdepsguard for remote/non-registry subdependency specs that age gates don’t cover. - The prompt’s strongest move is “verify current docs first,” which prevents stale agent memory from writing dead config keys.
- Workspace and private scopes need explicit exemptions so local packages don’t get blocked by the same age gates meant for public registry dependencies.
- The remote-host clause turns the pattern into a repeatable hardening action for every machine where agents run installs.