Supply-chain security woes! Here's a simple configuration that will improve your PNPM security posture along with a nudge towards something even deeper!
https://coderlegion.com/14098/configuring-pnpm-to-tackle-the-supply-chain-bonfire

Configuring PNPM to tackle the supply chain bonfire
You have probably faced the same dilemma. If you let your dependencies get out of date, chances are you'll harbor a code vulnerability. If you update them too soon, you potentially introduce a malicious version with a supply chain attack. This may...