- Update QuickBEAM to 0.10.11 for vendored C symbol hiding
- Update npm_ex to 0.7.1
- Runtime npm installs record and validate npm_ex lockfile security policy
- Runtime npm installs warn when packages declare ignored lifecycle scripts
- npm_ex blocks direct git/file/URL dependencies unless explicitly allowlisted and blocks transitive exotic dependency specs by default
- npm_ex skips package versions with blocked transitive exotic dependencies during resolution so safe matching versions can still be selected
https://hex.pm/packages/volt/0.10.3
