From d8501720ea71ed469b6a80ba958805caeca78799 Mon Sep 17 00:00:00 2001
From: Kavith Lokuhewage
Date: Sat, 29 Nov 2025 15:26:41 +0530
Subject: [PATCH] Add dependency security hardening per Hai-Hulud 2.0 guidelines

- Create .npmrc with ignore-scripts=true to prevent malicious lifecycle scripts
- Pin all dependency versions (remove ^ and ~ semver ranges) to prevent unintended updates

Security audit verified:
- CI/CD already uses npm ci (enforces lockfile)
- No npm update commands in pipelines
- No npx commands without version pinning
- No installed packages match Hai-Hulud 2.0 affected versions list
---
 .npmrc       | 1 +
 package.json | 16 ++++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)
 create mode 100644 .npmrc

diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..97b895e
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+ignore-scripts=true
diff --git a/package.json b/package.json
index 8abcdc3..2d00f58 100644
--- a/package.json
+++ b/package.json
@@ -15,19 +15,19 @@
     "typecheck": "tsc"
   },
   "dependencies": {
-    "@docusaurus/core": "^3.9.2",
-    "@docusaurus/preset-classic": "^3.9.2",
-    "@mdx-js/react": "^3.0.0",
-    "clsx": "^2.0.0",
-    "prism-react-renderer": "^2.3.0",
-    "react": "^19.0.0",
-    "react-dom": "^19.0.0"
+    "@docusaurus/core": "3.9.2",
+    "@docusaurus/preset-classic": "3.9.2",
+    "@mdx-js/react": "3.0.0",
+    "clsx": "2.0.0",
+    "prism-react-renderer": "2.3.0",
+    "react": "19.0.0",
+    "react-dom": "19.0.0"
   },
   "devDependencies": {
     "@docusaurus/module-type-aliases": "3.8.1",
     "@docusaurus/tsconfig": "3.8.1",
     "@docusaurus/types": "3.8.1",
-    "typescript": "~5.6.2"
+    "typescript": "5.6.2"
   },
   "browserslist": {
     "production": [
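Review bot: `ignore-scripts=true` in a project-level .npmrc is a global switch: it suppresses the lifecycle scripts of every dependency, including any package that needs a postinstall to build native code or fetch a binary, and npm also stops running the project's own pre/post hooks around `npm run` scripts while it is set. Nothing in this change verifies that the install still yields a working tree with scripts suppressed; a CI step running `npm ci` followed by the build would prove it, and a package that genuinely needs its script can be rebuilt selectively with `npm rebuild <pkg>` rather than re-enabling scripts everywhere. A comment above the setting would record the intent for the next maintainer, e.g. `# Do not run dependency lifecycle scripts (preinstall/install/postinstall); use npm rebuild <pkg> for any package that genuinely needs one`.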
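Review bot: Exact pins in package.json only fix the direct dependencies; the transitive graph is still determined solely by package-lock.json, so the committed lockfile with its integrity hashes plus `npm ci` remains the real supply-chain control and these pins mainly stop drift on a developer's `npm install`. Exact pins also mean patch-level security fixes no longer arrive on their own, so a scheduled update path (Dependabot/Renovate or a recurring `npm audit` review) is needed or the pinned versions silently age. On the new side `@docusaurus/core` and `@docusaurus/preset-classic` are pinned at 3.9.2 while `@docusaurus/module-type-aliases`, `@docusaurus/tsconfig` and `@docusaurus/types` stay at 3.8.1; Docusaurus packages are normally kept on one version, so the devDependencies likely should read `"@docusaurus/module-type-aliases": "3.9.2"`, `"@docusaurus/tsconfig": "3.9.2"`, `"@docusaurus/types": "3.9.2"`, to be confirmed against what the lockfile actually resolved. The enclosing JSON document continues outside the hunk on both sides.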