The frame-specific bearing requirements remain the same as the factory schematic.
Duncan Robertson whomwah
whomwah
/ brew-security.sh
Last active
March 12, 2026 11:03
Upgrade only patch-level Homebrew packages (e.g. 1.2.3 → 1.2.4). Scans brew outdated for packages where only the patch version changed, then offers to upgrade them — so you can apply low-risk security/bug-fix updates without pulling in breaking minor or major changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # brew-security.sh — Upgrade only patch-level Homebrew packages | |
| # | |
| # Scans `brew outdated` for packages where only the patch version has changed | |
| # (e.g. 0.9.8 -> 0.9.9) and offers to upgrade them. Skips minor/major bumps | |
| # so you can apply low-risk security and bug-fix updates without accidentally | |
| # pulling in breaking changes. | |
| # | |
| # Before each upgrade, performs a dry run to detect dependent packages that |
whomwah
/ block_sensitive_files.sh
Last active
March 16, 2026 11:06
claude-code hook. Attempts to block read/write access to sensitive files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # block_sensitive_files.sh — blocks read/write access to sensitive files. | |
| INPUT=$(cat) | |
| FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty') | |
| if [ -z "$FILE_PATH" ]; then | |
| exit 0 | |
| fi |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Opus 4.6 (1M context) | Talk | main | ▄░░░░░░░░░ 3% of 1000k tokens |
whomwah
/ package-age-gate.sh
Last active
May 12, 2026 11:22
Hardens NPM, Bun, PNPM, and Yarn against supply chain attacks by writing sensible security defaults to their global config files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # harden-js-package-managers.sh | |
| # | |
| # Hardens npm, Bun, pnpm, and Yarn against supply chain attacks by | |
| # writing sensible security defaults to their global config files. | |
| # | |
| # Sets a 3-day minimum release age gate on all four package managers. | |
| # New package versions won't be installed until they've been live on |
OlderNewer