homebrewer
5mo ago
pnpm does all that on top of node. Also disables postinstall scripts by default, making the recent security incidents we've seen a non-issue.
junon
5mo ago
As the victim of the larger pre-Shai-Hulud attack, unfortunately the install script validation wouldn't have protected you. Also, if you already have an infected package on the whitelist, a new infection in the install script will still affect you.
antihero
5mo ago
I’m not sure why but bun still feels snappier.
B56b
5mo ago
This is why:
https://bun.com/blog/behind-the-scenes-of-bun-install
babyshake
5mo ago
Aside from speed, what would the major selling points be on migrating from pnpm to bun?
daheza
5mo ago
Are there any popular packages that require postinstall scripts that this hurts?
replete
5mo ago
A whitelist in package.json is only a partial assist
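
The limitation raised in the thread, that a package already on the allowlist still runs whatever its install script becomes, is what a name-only allowlist cannot see. The following is an added example, not code from the thread or from pnpm: it pins the reviewed version and script text and flags drift. The function names, the allowlist shape and all package data are constructed assumptions.

```javascript
// Install-time lifecycle hooks that run automatically when a dependency is installed.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Extract only the install-time hooks from a package manifest (package.json contents).
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  const found = {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === "string") found[hook] = scripts[hook];
  }
  return found;
}

// True when both hook sets declare the same hooks with identical script text.
function sameHooks(a, b) {
  return LIFECYCLE_HOOKS.every((hook) => a[hook] === b[hook]);
}

// Verdicts: "no-scripts" (nothing runs at install), "blocked" (not allowlisted),
// "allowed" (matches the reviewed pin), "drifted" (allowlisted by name, but the
// version or script text differs from what was reviewed, so it needs re-review).
function auditInstallScripts(manifests, pinnedAllowlist) {
  return manifests.map((m) => {
    const id = `${m.name}@${m.version}`;
    const hooks = installHooks(m);
    if (Object.keys(hooks).length === 0) return { id, verdict: "no-scripts" };
    const pin = pinnedAllowlist[m.name];
    if (!pin) return { id, verdict: "blocked" };
    const ok = pin.version === m.version && sameHooks(pin.hooks, hooks);
    return { id, verdict: ok ? "allowed" : "drifted" };
  });
}

// Constructed sample data: hypothetical packages and a hypothetical pinned allowlist.
const sampleManifests = [
  { name: "example-utils", version: "1.0.0", scripts: { test: "node test.js" } },
  { name: "example-native", version: "2.3.1", scripts: { install: "node-gyp rebuild" } },
  { name: "example-imagelib", version: "4.1.0",
    scripts: { postinstall: "node fetch-binary.js && node setup.js" } },
  { name: "example-newdep", version: "0.1.0", scripts: { preinstall: "node prepare.js" } },
];
const samplePins = {
  "example-native": { version: "2.3.1", hooks: { install: "node-gyp rebuild" } },
  "example-imagelib": { version: "4.0.9", hooks: { postinstall: "node fetch-binary.js" } },
};

for (const r of auditInstallScripts(sampleManifests, samplePins)) {
  console.log(`${r.verdict.padEnd(10)} ${r.id}`);
}
```

A "drifted" result does not mean the package is malicious, only that the script that would run is not the one that was reviewed.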