[jdxcode]

In aube you get all this out of the box plus a lifecycle jail (next MV will have that on by default) and defaults to trustPolicy=no-downgrade (would not have helped here but still a good default).

It has the strongest security posture of any node pm.

https://aube.en.dev/security.html#jailed-lifecycle-scripts

[9dev]

Heads up: Your website at en.dev says you're a one-person open source company. That immediately ruled out any of your tools for me and my team; no matter how great they may be, a single developer is a supply chain risk. I wholeheartedly recommend enlarging the team.

[Imustaskforhelp]

What a pleasant surprise to see jdx within comments! I was actually using mise and found aube and decided to publish it on hackernews, I found it really cool!

Though a bit sad that it hadn't received traction back then but I must admit jdx that a lot of the work that you do is really cool.

Also I am happy to know that you are finally able to work on Open source full time, I am glad that I can use open source software created by (in my opinion generous) people like you too, mise is awesome :-D

https://news.ycombinator.com/item?id=48012248