fix: support yarn and pnpm

2025-11-18 17:09:47 -05:00 · 2025-09-08 16:23:24 -07:00
parent be7d6b76ae
commit 54646a5035
2 changed files with 14 additions and 3 deletions
--- a/bin/init.js
+++ b/bin/init.js
@@ -564,8 +564,8 @@ export async function init(
    packageJson.dependencies['next-auth'] = '^4.24.11';
  }

-  // Add security overrides for vulnerable packages
-  packageJson.overrides = {
+  // Add security overrides for vulnerable packages (compatible with npm, Yarn, and pnpm)
+  const securityOverrides = {
    "backslash": "0.2.0",
    "chalk-template": "1.1.0", 
    "supports-hyperlinks": "4.1.0",
@@ -585,6 +585,17 @@ export async function init(
    "ansi-styles": "6.2.1"
  };

+  // npm v8.3+ overrides
+  packageJson.overrides = securityOverrides;
+  
+  // Yarn (v1 and Berry) resolutions
+  packageJson.resolutions = securityOverrides;
+  
+  // pnpm overrides (namespaced)
+  packageJson.pnpm = {
+    overrides: securityOverrides
+  };
+
  fs.writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2));

  // Handle .env file