[–] giancarlostoro 1mo ago ↗ Interesting has a 24hr cooldown before trusting package updates and a no-trust option for trusting downgrades given all the npm hacks and issues lately, smart move. I wonder if there's better ways to protect against this.
[–] gu5 1mo ago ↗ appears vibecoded which doesn't give me confidence, still interesting though.pnpm has also moved a few of its components from javascript to rust in its latest release
3 comments
[ 5.0 ms ] story [ 14.4 ms ] threadpnpm has also moved a few of its components from javascript to rust in its latest release