Inlay

🧊 Big release for #JavaScript supply chain security: @pnpm.io 11 now defaults to a 1-day Minimum Release Age, blocks exotic subdependencies, and adds a new Allow Builds model. A strong step toward reducing exposure to fast-moving npm attacks → socket.dev/blog/pnpm-11... #nodejs

pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.