top | item 46092267

hrpnk | 3 months ago

TIL: yarn/pnpm has a minimumReleaseAge setting.

"We also suggest you make use of the minimumReleaseAge setting present both in yarn and pnpm. By setting this to a high enough value (like 3 days), you can make sure you won't be hit by these vulnerabilities before researchers, package managers, and library maintainers have the chance to wipe the malicious packages."

joatmon-snoo | 3 months ago

This setting is new and was introduced in response to the first round of Shai Hulud attacks.
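
The check a release-age gate performs, written out as an added example (not code from yarn, pnpm or either commenter): it flags locked versions published more recently than a minimum age, using the version-to-timestamp `time` map found in npm registry package metadata. The package names, timestamps, the minutes unit and the `findYoungPins` helper are assumptions constructed for illustration.

```javascript
// Added example: package names, versions and timestamps are constructed.
const MS_PER_MINUTE = 60 * 1000;

// Constructed registry metadata. The npm registry's package document has a
// `time` map from version to ISO publish timestamp (plus created/modified).
const packuments = {
  "example-lib": { time: {
    created: "2025-01-10T09:00:00.000Z",
    modified: "2025-11-24T04:10:00.000Z",
    "1.4.0": "2025-10-02T12:00:00.000Z",
    "1.4.1": "2025-11-24T04:10:00.000Z",
  } },
  "example-util": { time: {
    created: "2024-03-01T00:00:00.000Z",
    modified: "2025-06-01T00:00:00.000Z",
    "2.0.0": "2025-06-01T00:00:00.000Z",
  } },
};

// Constructed pins, as they would be read from a lockfile.
const lockedDeps = [
  { name: "example-lib", version: "1.4.1" },
  { name: "example-util", version: "2.0.0" },
  { name: "example-gone", version: "0.1.0" }, // no registry metadata
];

// Return every pin published less than minAgeMinutes before `now`.
// A pin with no usable publish time is reported too (fail closed).
function findYoungPins(deps, registry, minAgeMinutes, now) {
  const findings = [];
  for (const { name, version } of deps) {
    const stamp = registry[name]?.time?.[version];
    const published = stamp ? Date.parse(stamp) : NaN;
    if (Number.isNaN(published)) {
      findings.push({ name, version, reason: "unknown publish time" });
      continue;
    }
    const ageMinutes = Math.floor((now - published) / MS_PER_MINUTE);
    if (ageMinutes < minAgeMinutes) {
      findings.push({ name, version, reason: `published ${ageMinutes} min ago` });
    }
  }
  return findings;
}

// 3 days, the value the quoted advice suggests, expressed in minutes.
const THREE_DAYS = 3 * 24 * 60;
const now = Date.parse("2025-11-25T04:10:00.000Z"); // constructed "current" time
console.log(findYoungPins(lockedDeps, packuments, THREE_DAYS, now));
```

Run as a CI step, a non-empty result would fail the build until the flagged release has aged past the threshold or been reviewed.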