diff --git a/.yarnrc.yml b/.yarnrc.yml
index 9aa2cc7d..118d0ab3 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -17,3 +17,12 @@ plugins:
 spec: 'https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js'
 nmHoistingLimits: none
+
+# NPM Supply Chain Attack Protection
+# Minimum age gate: only allow packages older than 3 days (4320 minutes)
+npmMinimalAgeGate: 4320
+
+# Pre-approved packages that can bypass the age gate
+npmPreapprovedPackages:
+ - '@metamask/*'
+ - '@lavamoat/*'
diff --git a/package.json b/package.json
index 0ef29b9d..eec07597 100644
--- a/package.json
+++ b/package.json
@@ -128,7 +128,7 @@
 "typescript-eslint": "^8.7.0",
 "yargs": "^17.7.2"
 },
- "packageManager": "yarn@4.2.2",
+ "packageManager": "yarn@4.10.3",
 "engines": {
 "node": "^18.18 || >=20"
 },
diff --git a/yarn.config.cjs b/yarn.config.cjs
index f9ec7d43..89104880 100644
--- a/yarn.config.cjs
+++ b/yarn.config.cjs
@@ -207,7 +207,7 @@ module.exports = defineConfig({
 if (isChildWorkspace) {
 workspace.unset('packageManager');
 } else {
- expectWorkspaceField(workspace, 'packageManager', 'yarn@4.2.2');
+ expectWorkspaceField(workspace, 'packageManager', 'yarn@4.10.3');
 }
 // All packages must specify a minimum Node.js version of 18.18.
diff --git a/yarn.lock b/yarn.lock
index d011b1c7..731119ab 100644
--- a/yarn.lock
+++ b/yarn.lock
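Review bot: In the `.yarnrc.yml` hunk, the `npmPreapprovedPackages` globs `'@metamask/*'` and `'@lavamoat/*'` exempt two whole scopes from the 3-day gate. A version published minutes ago under either scope, for example after a maintainer token compromise, would resolve with no quarantine, and the comment above the list does not say why that is accepted. I would narrow the list to the specific packages that need same-day consumption, or record the trust assumption in the comment, e.g. `# First-party scopes, exempt so internal releases can be consumed immediately; these rely on yarn.lock checksum review and allow-scripts instead of the age gate`. The gate presumably applies only when a new version is resolved, not to entries already pinned in `yarn.lock`, so it would help to say that in the comment too.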
@@ -20703,11 +20703,11 @@ __metadata: "typescript@patch:typescript@npm%3A5.5.4#optional!builtin": version: 5.5.4 - resolution: "typescript@patch:typescript@npm%3A5.5.4#optional!builtin::version=5.5.4&hash=b45daf" + resolution: "typescript@patch:typescript@npm%3A5.5.4#optional!builtin::version=5.5.4&hash=379a07" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 10/2c065f0ef81855eac25c9b658a3c9da65ffc005260c12854c2286f40f3667e1b1ecf8bdbdd37b59aa0397920378ce7900bff8cb32e0f1c7af6fd86efc676718c + checksum: 10/746fdd0865c5ce4f15e494c57ede03a9e12ede59cfdb40da3a281807853fe63b00ef1c912d7222143499aa82f18b8b472baa1830df8804746d09b55f6cf5b1cc languageName: node linkType: hard