Skip to content

docs: document minimumDependencyAge deno.json setting#3027

Closed
bartlomieju wants to merge 2 commits into
mainfrom
docs/minimum-dependency-age-3017
Closed

docs: document minimumDependencyAge deno.json setting#3027
bartlomieju wants to merge 2 commits into
mainfrom
docs/minimum-dependency-age-3017

Conversation

@bartlomieju
Copy link
Copy Markdown
Member

@bartlomieju bartlomieju commented Apr 8, 2026

Summary

  • Adds documentation for the minimumDependencyAge configuration field in the deno.json config page
  • Covers all supported value formats: minutes, ISO 8601 duration, and RFC 3339 timestamps
  • Documents CLI override via --minimum-dependency-age

Closes #3017

Test plan

  • Verify the new section renders correctly on the configuration page
  • Confirm code examples display properly

🤖 Generated with Claude Code

bartlomieju and others added 2 commits April 8, 2026 08:22
@bartlomieju @claude
docs: document minimumDependencyAge deno.json setting
a13a2bc 
Adds documentation for the minimumDependencyAge configuration option,
which protects against supply chain attacks by requiring dependencies
to have existed for a minimum age before installation.

Closes #3017

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@bartlomieju @claude
chore: format with deno fmt
9a2d42b 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@petamoriken
Copy link
Copy Markdown
Contributor

petamoriken commented Apr 16, 2026

It looks like we might need to update last_modified manually.

@fibibot fibibot mentioned this pull request May 14, 2026
Closed
lunadogbot
lunadogbot requested changes May 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@lunadogbot lunadogbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The --unstable-npm-lazy-caching claim in the caution block looks wrong. minimumDependencyAge is its own unstable feature (see denoland/deno#31007 — the introducing PR doesn't mention lazy caching), and the schema marks it (Unstable) on its own. unstable_npm_lazy_caching() in cli/args/mod.rs only gates eager-vs-lazy npm caching strategy and doesn't reference minimum_dependency_age. Suggest dropping the flag from the caution: "This feature is unstable. Configure it in deno.json or pass --minimum-dependency-age on the command line."

Also, the example uses "2025-09-16" (a date) but the prose calls it an "RFC 3339 timestamp" — the schema's own help text calls a bare date a "cutoff date" and a …T12:00:00+00:00 form a "cutoff time". Worth matching: "RFC 3339 date or timestamp".

  • nit: #3046 and draft #3024 document the same field — coordinate with the maintainer on which lands.
  • nit: last_modified: 2026-03-09#3002 should auto-bump this on build, so probably fine.

@bartlomieju
Copy link
Copy Markdown
Member Author

bartlomieju commented May 20, 2026

Closing in favor of #3100, which covers minimumDependencyAge as part of the Deno 2.8 docs update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lunadogbot lunadogbot lunadogbot requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Docs for deno.json don't mention minimumDependencyAge setting

3 participants

@bartlomieju @petamoriken @lunadogbot