at://
/
app.bsky.feed.post
/
3m7i67jx2zc2h
sign in
All
4
Record
2
Post
1
PostEmbed
1
Post
by @danabra.mov
PostEmbed
by @danabra.mov
Record
by @jimpick.com
Record
by @atsui.org
+ new component
Post
The Seattle Times is piloting pnpm’s client-side defenses—blocked lifecycle scripts, release cooldowns, and trust policy—to stop worms like Shai-Hulud 2.0 before they land. Read their story: pnpm.io/blog/2025/12...
6mo
We got lucky with Shai-Hulud 2.0.
pnpm.io
How We're Protecting Our Newsroom from npm Supply Chain Attacks | pnpm
pnpm
