
Pnpm has a new setting to stave off supply chain attacks


Minor Changes

pnpm has gained a new setting, minimumReleaseAge, which delays the installation of newly published package versions. It targets the supply-chain attack in which a malicious version is pushed to the registry under a legitimate package name: in most cases such attacks are discovered quickly and the malicious versions are removed from the registry within an hour, so a waiting period keeps most of them out of an install. For example, setting minimumReleaseAge: 1440 (the value is in minutes) ensures that only package versions released at least one day ago can be installed. Packages that must track their newest release can be exempted from the delay; for instance, pnpm can be configured to always install the latest version of webpack, regardless of its release time.
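The following is an added example, not pnpm's own code, that models how a minimum-release-age policy filters candidate versions using the npm registry's metadata. A package document ("packument") carries a `time` map from each version to its ISO 8601 publish timestamp; the registry excerpts below are constructed for the example. The `minimumReleaseAgeExclude` key used for the exemption list is an assumption about the setting name; pnpm's actual resolution rules may differ in detail from this model.

```javascript
// Added example, not pnpm's own code: a minimal model of the
// minimumReleaseAge policy applied to npm registry metadata.
// Packuments carry a `time` map of version -> ISO 8601 publish timestamp;
// the entries below are constructed for this example, not real registry data.
// The `minimumReleaseAgeExclude` key name is an assumption about the
// exemption-list setting; check the pnpm docs for the shipped name.

const MINUTE_MS = 60 * 1000;

// Constructed packument excerpts (not real registry data).
const SAMPLE_REGISTRY = {
  "some-lib": {
    "dist-tags": { latest: "1.3.1" },
    time: {
      created: "2024-01-01T00:00:00.000Z",
      modified: "2025-09-10T12:00:00.000Z",
      "1.2.0": "2024-06-01T10:00:00.000Z",
      "1.3.0": "2025-09-01T10:00:00.000Z",
      "1.3.1": "2025-09-10T12:00:00.000Z", // two hours before NOW below
    },
  },
  webpack: {
    "dist-tags": { latest: "5.99.0" },
    time: {
      created: "2020-01-01T00:00:00.000Z",
      modified: "2025-09-10T13:00:00.000Z",
      "5.98.0": "2025-08-01T00:00:00.000Z",
      "5.99.0": "2025-09-10T13:00:00.000Z", // one hour before NOW
    },
  },
  "brand-new": {
    "dist-tags": { latest: "0.0.1" },
    time: {
      created: "2025-09-10T13:30:00.000Z",
      modified: "2025-09-10T13:30:00.000Z",
      "0.0.1": "2025-09-10T13:30:00.000Z", // only version, 30 minutes old
    },
  },
};

// Turn the settings as they would appear in pnpm-workspace.yaml into a policy.
function parsePolicy(settings) {
  const minutes = Number(settings.minimumReleaseAge ?? 0);
  if (!Number.isFinite(minutes) || minutes < 0) {
    throw new TypeError("minimumReleaseAge must be a non-negative number of minutes");
  }
  return {
    minAgeMs: minutes * MINUTE_MS,
    exclude: new Set(settings.minimumReleaseAgeExclude ?? []), // assumed key name
  };
}

// Numeric x.y.z comparison; prerelease suffixes are out of scope for this model.
function compareSemver(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Versions of `name` that are at least minAgeMs old at `now` (or all of them
// when the package is exempted). Non-version keys in `time` are skipped and
// unparsable timestamps are treated as too young, the conservative choice.
function eligibleVersions(packument, name, policy, now) {
  const cutoff = now - policy.minAgeMs;
  const excluded = policy.exclude.has(name);
  const out = [];
  for (const [version, published] of Object.entries(packument.time)) {
    if (version === "created" || version === "modified") continue;
    const publishedMs = Date.parse(published);
    if (excluded || (!Number.isNaN(publishedMs) && publishedMs <= cutoff)) {
      out.push(version);
    }
  }
  return out.sort(compareSemver);
}

// Pick the version to install: the `latest` tag when it is old enough,
// otherwise the highest eligible version, or null when none qualifies
// (refusing is the safe outcome rather than falling through to a fresh release).
function resolve(registry, name, policy, now = Date.now()) {
  const packument = registry[name];
  if (!packument) throw new Error(`unknown package: ${name}`);
  const eligible = eligibleVersions(packument, name, policy, now);
  if (eligible.length === 0) return null;
  const latest = packument["dist-tags"].latest;
  return eligible.includes(latest) ? latest : eligible[eligible.length - 1];
}

// Demo with a fixed clock so the result is reproducible.
const NOW = Date.parse("2025-09-10T14:00:00.000Z");
const policy = parsePolicy({ minimumReleaseAge: 1440, minimumReleaseAgeExclude: ["webpack"] });
for (const name of Object.keys(SAMPLE_REGISTRY)) {
  console.log(name, "->", resolve(SAMPLE_REGISTRY, name, policy, NOW));
}
```

With a one-day threshold, some-lib resolves to 1.3.0 because 1.3.1 is only two hours old, webpack resolves to its fresh 5.99.0 because it is exempted, and brand-new resolves to nothing at all: a package whose every version is younger than the threshold is refused, which is the behaviour a practitioner should expect and plan for when enabling such a setting on a project with very new dependencies.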
