Having better, more intentional online and offline time is a heavy theme here at #AtmosphereConf and in ATProtocol apps. It’s fun to be at a developer conference where balance and burnout are top of mind.
One more reason to use @pnpm.io and @npmx.dev:
trust policy downgrade becomes visible and preventable
Nick Gerakines
Haoqun Jiang
All the npmx maintainers, this is such an incredible showing of the builder community.
@npmx.dev has reached 3000 stars ⭐️
🚨 Active supply chain attack on [email protected]. The latest version pulls in [email protected] -- a brand-new package that didn't exist before today.
We're still investigating. If you use axios, pin your version and audit your lockfile. socket.dev/blog/axios-n...
Props to @t3.gg for contributing $5K to @e18e.dev!
Looking forward to seeing all the creative ways @npmx.dev can collaborate with @e18e.dev to make the web faster, leaner, and simpler.
We already have a bunch of things in the works 👀.
A supply chain attack on Axios introduced a malicious dependency, [email protected], published minutes earlier and absent from the project’s GitHu...
socket.dev
Brittany Ellich
Socket
Roman
Philippe Serhal
Just found this gem of a proposed conf talk title in an old brainstorming doc:
Don't Ship Where You Vite? Actually, Do: A Case for Vite Deployment Plugins
I can't believe I didn't go with that.
💭 This "webring" of multiple interlinked simultaneous blog posts across companies and groups was inspired by the recent
@npmx.dev alpha launch! (npmx.dev/blog/alpha-r...)
