#pnpm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #pnpm, aggregated by home.social.
-
📦 Package coverage is broad: npm (#pnpm, #yarn, #bun), #PyPI, #Go modules, #RubyGems, #Composer. Reads lockfiles & install metadata — no package-manager execution, no source-file reads. Zero network calls during scans.
🔌 Also scans #MCP server configs (claude_desktop_config.json, mcp.json, Gemini CLI settings) and editor extensions for VS Code, Cursor, Windsurf, VSCodium — plus Chromium & Firefox browser extensions.
-
whenever there’s another #npm #supplychain attack, it’s time to start victim-blaming. unironically. don’t use npm, use #pnpm (or #bun).
pnpm stores your packages in a single central repository instead of downloading them all every time, and it also doesn’t run build scripts by default unless you ask it to. plus, it’s faster, but that’s less important.
if you use plain npm, you’re not a victim, you’re a perpetrator.
[ERR_PNPM_IGNORED_BUILDS] Ignored build scripts: @parcel/[email protected], [email protected], [email protected], [email protected] Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.
-
this vibe coded PR with 1,000,000+ additions is just open-source ransomware with prettier commit messages.
shoutout to the brave soul reviewing:
"LGTM" after skimming 14 lines… 🤡
uninstalling immediately!
-
pnpm 11.0 released: newly published dependency packages become eligible for resolution only after one day by default
https://gihyo.jp/article/2026/04/pnpm-v11-release?utm_source=feed
-
Minimum Release Age Is an Underrated Supply Chain Defense, by @daniakash.com:
https://daniakash.com/posts/simplest-supply-chain-defense/
#security #dependencies #npm #bun #pnpm #yarn #deno #renovate #dependabot #axios
-
Supply-chain security woes! Here's a simple configuration that will improve your PNPM security posture along with a nudge towards something even deeper!
https://coderlegion.com/14098/configuring-pnpm-to-tackle-the-supply-chain-bonfire
-
pnpm 11 Beta 0, by @pnpm:
-
[Quick tip] When generated files (package-lock.json, etc.) conflict, don't try to merge them seriously
https://qiita.com/ssc-ksaitou/items/667ef87273d3aa78bfae?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
-
🚀 Deploy OpenStatus on Debian VPS (5 Minute Quick-Start Guide) #bun #certbot #corepack #debian #letsencrypt #monitoring #nginx #nodejs #openstatus #pnpm #selfhosted #selfhosting #statuspage #turso #vps #Cloud #Guides #VPS
🚀 Deploy OpenStatus on Debian ...