by
homebrewer
196 days ago
pnpm does all that on top of node. Also disables postinstall scripts by default, making the recent security incidents we've seen a non-issue.
4 comments
junon
196 days ago
As the victim of the larger pre-Shai-Hulud attack, unfortunately the install script validation wouldn't have protected you. Also, if you already have an infected package on the whitelist, a new infection in the install script will still affect you.
antihero
196 days ago
I’m not sure why but bun still feels snappier.
B56b
196 days ago
This is why:
https://bun.com/blog/behind-the-scenes-of-bun-install
babyshake
196 days ago
Aside from speed, what would the major selling points be on migrating from pnpm to bun?
daheza
196 days ago
Are there any popular packages that require postinstall scripts that this hurts?
replete
196 days ago
A whitelist in package.json is only a partial assist