home.social

#pnpm — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #pnpm, aggregated by home.social.

  1. 📦 Package coverage is broad: npm (#pnpm, #yarn, #bun), #PyPI, #Go modules, #RubyGems, #Composer. Reads lockfiles & install metadata — no package-manager execution, no source-file reads. Zero network calls during scans.

    🔌 Also scans #MCP server configs (claude_desktop_config.json, mcp.json, Gemini CLI settings) and editor extensions for VS Code, Cursor, Windsurf, VSCodium — plus Chromium & Firefox browser extensions.

  6. I never quite thought that the meme would be realised in the form of alternative package managers to npm, all of them rewriting to rust. CRAZY haha

    #npm #yarn #pnpm #bun #rustlang

  11. whenever there’s another #npm #supplychain attack, it’s time to start victim-blaming. unironically. don’t use npm, use #pnpm (or #bun).

    pnpm stores your packages in a single central repository instead of downloading them all every time, and it also doesn’t run build scripts by default unless you ask it to. plus, it’s faster, but that’s less important.

    if you use plain npm, you’re not a victim, you’re a perpetrator.

    [ERR_PNPM_IGNORED_BUILDS] Ignored build scripts: @parcel/[email protected], [email protected], [email protected], [email protected]
    
    Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.
  15. this vibe coded PR with 1,000,000+ additions is just open-source ransomware with prettier commit messages.

    shoutout to the brave soul reviewing:

    "LGTM" after skimming 14 lines… 🤡

    uninstalling immediately!

    github.com/oven-sh/bun/pull/30

    #npm #yarn #pnpm #bun #deno #js #javascript #typescript

  19. Supply-chain security woes! Here's a simple configuration that will improve your PNPM security posture along with a nudge towards something even deeper!

    coderlegion.com/14098/configur

    #NodeJS #Security #PNPM
