pnpm
@pnpmjs
Fast, disk space efficient package manager 快速且節省磁碟空間的套件管理程式 Sponsor us: on GitHub: http://github.com/sponsors/pnpm on OpenCollective: https://opencollective.com/pnpm
Вам может понравиться
I remember using CKEditor at JustAnswer and being really excited when they were considering pnpm years ago. They decided not to switch back then — feels good to win them over at last. x.com/reinmarpl/stat…
It's impressive to see how quickly @pnpmjs added support for "minimal dependency age" (github.com/pnpm/pnpm/issu…) after the recent supply chain attacks on npm 😍 By a total coincidence, just a month ago, we finished a migration to pnpm. We definitely don’t look back 🚀 And today,…
This is nice. We did not have to make any changes on our side to make this work x.com/feross/status/…
You can still vote x.com/pnpmjs/status/…
Should pnpm delay installation of package versions released less than a day or week ago?
Zoltan Kochan is a full stack web developer and the creator of @pnpmjs. He joins the show with @JoshuaKGoldberg to talk about the state of package management for web dev. @ZoltanKochan softwareengineeringdaily.com/2025/09/18/pnp…
. @pnpmjs is a strong option for protecting against supply chain attacks, and the DX is excellent too they removed postinstall scripts a while back, cutting one big attack path now they’ve introduced `minimumReleaseAge` which lets you hold off on new versions for a day or more
This is not over. 👇 🚨 A new wave of the npm supply chain attack just hit again. This time targeting CrowdStrike packages. Socket detected malware-laced updates that steal developer creds, spin up rogue GitHub Actions, and exfiltrate secrets. Developing story...
Published an article about mitigating supply chain attacks with pnpm pnpm.io/supply-chain-s…
![pnpmjs's tweet card. Sometimes npm packages are compromised and published with malware. Luckily, there are companies like [Socket], [Snyk], and [Aikido] that detect these compromised packages early. The npm registry...](https://pbs.twimg.com/card_img/1977144467434979328/IATJE8Ix?format=jpg&name=orig)
After recent npm supply chain attacks, @pnpmjs 10.16 adds a setting to delay updating dependencies. Tools like Taze and npm-check-updates are testing similar “maturity” options, hinting at a cautious new trend in #JavaScript package management. socket.dev/blog/pnpm-10-1… #NodeJS
In pnpm v10.16 we have shipped an exciting new feature that allows to query your dependencies with custom "finder functions". See the documentation about it: pnpm.io/finders
Should pnpm delay installation of package versions released less than a day or week ago?
There's an open issue about it: github.com/pnpm/pnpm/issu…
Can pnpm be configured to only install packages that were published 24+ hours ago? cc @ZoltanKochan
💖 This July and August, we have forwarded our Open Collective fund to support @ilyaliao OrbisK @azat_io_en @posva Projects: @pnpmjs @iconify_design @jexia_ Join us to show appreciation for our dependencies and help them be sustainable! opencollective.com/antfu/updates/…
Its not even been a day but I suddenly feel that @pnpmjs has improved my overall dev experience 🤯 #pnpm #npm #nodejs #javascript
pnpm v10.14 is shipped with support for runtime engine installation. Node, Deno, and Bun are supported. pnpm.io/blog/releases/…
What naming do you prefer?
233 голос · Конечные результаты
United States Тренды
- 1. Deport Harry Sisson 9,382 posts
- 2. #PokemonZA 1,770 posts
- 3. DuPont 1,869 posts
- 4. Gabe Vincent 4,106 posts
- 5. #PokemonLegendZA 1,653 posts
- 6. #EliraGotCake2025 8,380 posts
- 7. Deloitte 7,151 posts
- 8. Angel Reese 53.6K posts
- 9. tzuyu 254K posts
- 10. #Blackhawks 2,186 posts
- 11. Mavs 5,801 posts
- 12. Lakers 18.4K posts
- 13. Tusky 2,426 posts
- 14. Mad Max 3,989 posts
- 15. Everest 3,523 posts
- 16. #AEWDynamite 18.9K posts
- 17. Blues 20.8K posts
- 18. Birdman 5,510 posts
- 19. Britney 22.6K posts
- 20. Domain For Sale 19.9K posts
Вам может понравиться
Something went wrong.
Something went wrong.