From a864eed06dc3713195a43b71a1b9c989393bc5a9 Mon Sep 17 00:00:00 2001
From: Sean Meyer <sean.meyer@datadoghq.com>
Date: Fri, 3 Apr 2026 16:56:37 +0000
Subject: [PATCH] [Security] Add 2-day minimum release age cooldown
 (incident-51987)

Adds npmMinimalAgeGate: "2d" to .yarnrc.yml. Configures Yarn Berry to
refuse packages published less than 2 days ago during lockfile generation.
Requires: Yarn Berry >= 4.10.0 (this repo uses 4.10.3)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .yarnrc.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.yarnrc.yml b/.yarnrc.yml
index 3186f3f0..062b544e 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -1 +1,3 @@
 nodeLinker: node-modules
+
+npmMinimalAgeGate: "2d"