by hrpnk
209 days ago
TIL: yarn/pnpm has a minimumReleaseAge setting. "We also suggest you make use of the minimumReleaseAge setting present both in yarn and pnpm. By setting this to a high enough value (like 3 days), you can make sure you won't be hit by these vulnerabilities before researchers, package managers, and library maintainers have the chance to wipe the malicious packages."
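An added example, not part of the comment above and not pnpm's or yarn's own code: a small model of the release-age gate the quoted advice describes, run over constructed registry metadata to show which version a resolver would settle on. The package name, timestamps, function names and the choice of minutes as the unit are assumptions of this example.

```javascript
// Models the release-age gate idea only; not pnpm's or yarn's real resolver.
const MINUTE_MS = 60 * 1000;

// Constructed sample shaped like the `time` map of an npm registry packument.
const samplePackument = {
  name: "example-lib", // hypothetical package
  time: {
    created: "2025-01-01T00:00:00.000Z",
    modified: "2025-09-09T12:00:00.000Z",
    "1.4.0": "2025-06-01T10:00:00.000Z",
    "1.4.1": "2025-08-20T09:30:00.000Z",
    "1.4.2": "2025-09-09T12:00:00.000Z", // published one day before `now` below
  },
};

// Compare plain x.y.z versions numerically (prerelease tags are out of scope).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return the newest version published at least minAgeMinutes before `now`,
// or null when every release is still inside the cooldown window.
function pickWithMinimumAge(packument, minAgeMinutes, now) {
  const cutoff = now.getTime() - minAgeMinutes * MINUTE_MS;
  const eligible = Object.entries(packument.time)
    .filter(([key]) => /^\d+\.\d+\.\d+$/.test(key)) // skip created/modified
    .filter(([, published]) => Date.parse(published) <= cutoff)
    .map(([version]) => version)
    .sort(compareVersions);
  return eligible.length ? eligible[eligible.length - 1] : null;
}

const now = new Date("2025-09-10T12:00:00.000Z"); // constructed clock
const THREE_DAYS = 3 * 24 * 60; // 4320 minutes

console.log(pickWithMinimumAge(samplePackument, 0, now)); // "1.4.2" (no gate)
console.log(pickWithMinimumAge(samplePackument, THREE_DAYS, now)); // "1.4.1"
```

With the gate at zero the day-old release is selected; with a three-day gate the resolver falls back to the previous release until the new one has aged past the window.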