Hackernews posts about Pnpm

  1. Show HN: DepsGuard – One command to harden NPM/pnpm/yarn/bun/uv configs (github.com)
    40 points by eranation 20 days ago | 7 comments
  2. Setting Node and PNPM Versions in Cloudflare Workers Programmatically (senhongo.com)
    3 points by SenHeng 7 days ago | discuss
  3. Pnpm temp paths broke lifecycle sockets (github.com)
    1 points by scarabsystems 3 days ago | discuss
  4. Show HN: Pacwich – lightweight new monorepo tooling on top of Bun, NPM, or pnpm (pacwich.dev)
    1 points by smorsic 5 days ago | discuss
  5. LLM proactively bypassed pnpm's anti-supply-chain-attack config (twitter.com)
    1 points by EFLKumo 27 days ago | discuss
  6. Layman with no degree directs AI agents to derive Newton's G to 1.86 ppm (github.com)
    4 points by Oldrich333 28 days ago | 1 comments
  7. PnPUtil Command Line Tool for Driver Packages (learn.microsoft.com)
    3 points by ankitg12 21 days ago | discuss
  8. Four ppm measurement of the antihydrogen ground-state hyperfine splitting (www.nature.com)
    3 points by igortru 24 days ago | discuss
  9. Show HN: Clinglang – A shorthand language for doctors to write structured cases (github.com)
    1 points by ppnpm 23 days ago | discuss
  10. Malicious npm packages detected across Red Hat Cloud Services (github.com)
    775 points by kurmiashish 20 days ago | 454 comments
  11. Upcoming breaking changes for npm v12 (github.blog)
    484 points by plasma 12 days ago | 208 comments
  12. Staged publishing and new install-time controls for npm (github.blog)
    61 points by brianmcnulty 30 days ago | 11 comments
  13. New IronWorm malware hits 36 packages in NPM supply-chain attack (www.bleepingcomputer.com)
    22 points by yogthos 16 days ago | discuss
  14. Hide Secrets from AI Agents and NPM install using Airgap (sauleau.com)
    19 points by netgusto 2 days ago | 2 comments
  15. Npm-scan: Modern supply chain security for the npm ecosystem (github.com)
    9 points by lateos-ai 21 days ago | discuss
  16. Ongoing NPM supply chain attack uses binding.gyp to spread like a worm (github.com)
    6 points by varunsharma07 18 days ago | discuss
  17. NPM attack targets Zapier and security tool browser extensions (opensourcemalware.com)
    5 points by 6mile 3 days ago | 1 comments
  18. I scored 200 blockchain NPM packages for deprecation and hijack risk (chain-audit.netlify.app)
    5 points by Heavensinfinite 4 days ago | discuss
  19. New IronWorm malware hits 36 packages in NPM supply-chain attack (www.bleepingcomputer.com)
    5 points by segmenta 17 days ago | discuss
  20. Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp (www.stepsecurity.io)
    5 points by gaurang_tandon 17 days ago | discuss
  21. A 176-Package NPM Campaign Built to Beat Your Internal Dependencies (www.sonatype.com)
    5 points by speckx 24 days ago | discuss
  22. Show HN: Nuts – pip/NPM for Java with first-class workspaces, JDK provisioning (github.com)
    4 points by thevpc 11 days ago | 2 comments
  23. New Shai-Hulud malware wave compromises 600 NPM packages (itnerd.blog)
    4 points by mooreds 27 days ago | 2 comments
  24. September 2025 NPM Attack Hit 2.6B Weekly Downloads. Most Found Out on Twitter (datanexusmcp.com)
    4 points by jsmudda 3 days ago | 1 comments
  25. Multiple mastra NPM packages compromised (github.com)
    4 points by varunsharma07 5 days ago | 1 comments
  26. Red Hat packages backdoored through its official NPM channel (arstechnica.com)
    4 points by RedShift1 20 days ago | 1 comments
  27. GitHub pulls pin on NPM's auto-run scripts (www.theregister.com)
    4 points by MrDresden 11 days ago | discuss
  28. NPM staged publishing setup with approximately one click per package (lavamoat.github.io)
    4 points by naugtur 24 days ago | discuss
  29. >400 AUR Packages Compromised with NPM post-install malware (archlinux.org)
    3 points by lorenzohess 9 days ago | 1 comments
  30. I Am Open Sourcing Hissab Calculator App, Skills, CLI and NPM (github.com)
    3 points by prenx4x 11 days ago | 1 comments
More