pnpm
@pnpmjs
Fast, disk space efficient package manager. Sponsor us: on GitHub: http://github.com/sponsors/pnpm on OpenCollective: https://opencollective.com/pnpm
The Seattle Times is piloting pnpm’s client-side defenses—blocked lifecycle scripts, release cooldowns, and trust policy—to stop worms like Shai-Hulud 2.0 before they land. Read their story: pnpm.io/blog/2025/12/0…
The incidents keep happening. This remains a good idea for pnpm v11 x.com/pnpmjs/status/…
Should pnpm delay installation of package versions released less than a day or week ago?
Yet another reminder to use @pnpmjs's minimum dependency age‼️ pnpm.io/settings#minim…
🔥 New npm attack DETECTED! A campaign dubbed “Sha1-Hulud: The Second Coming” has compromised hundreds of packages and over 25,000 GitHub repos. The code runs during install, steals cloud logins, and if that fails, it deletes the user’s home folder. Read more ↓…
Maintaining a CLI app? You can now target only the latest Node.js version — pnpm will install it automatically as a dependency for your app. x.com/pnpmjs/status/…
🧩 Node.js runtime installation for dependencies
pnpm can now automatically install the Node.js version required by a dependency, declared in its engines.runtime field. Example:
We have discovered that chokidar switched off provenance a year ago and now it fails with the trustPolicy setting set to no-downgrade. We'll need to think about a way to deal with these cases. x.com/pnpmjs/status/…
A new setting, trustPolicy, adds protection against supply-chain attacks. When set to no-downgrade, pnpm will fail installation if a package’s trust level drops — e.g. from a trusted publisher → provenance only → no trust evidence.
💖 This Sep & Oct, we have forwarded our Open Collective fund to support @chris_zyyv @webfansplz @bluwyoo @KazariEX_0929 @vida_0905 e18e.dev esm.sh @pnpmjs @iconify_design Join us to show appreciation for our deps and help them be sustainable!…
pnpm 10.20 is out. Published via a trusted github action using OIDC.
Surprisingly, none of the package managers are published using OIDC publishing today. Even npm CLI. I did configure OIDC publishing for @pnpmjs, so it will be "trusted" in the next version
I remember using CKEditor at JustAnswer and being really excited when they were considering pnpm years ago. They decided not to switch back then — feels good to win them over at last. x.com/reinmarpl/stat…
It's impressive to see how quickly @pnpmjs added support for "minimal dependency age" (github.com/pnpm/pnpm/issu…) after the recent supply chain attacks on npm 😍 By a total coincidence, just a month ago, we finished a migration to pnpm. We definitely don’t look back 🚀 And today,…
This is nice. We did not have to make any changes on our side to make this work x.com/feross/status/…