Activity for finnbayer.de
While I agree with this take, it should still be a set value in every current config, just to make sure that every person gets the benefit, even if people use a version of a package manager that does not set a default (pnpm before v11, current npm versions, etc.). Goal: default in PM + set config value.
I will add a personal opinion: putting this config in every user repo is an asinine decision from a maintainability perspective. Secure defaults (which could include a delay until a package can be scanned before being available from the registry) are a much more scalable solution.
A lot has happened in the last two minor releases of the npm CLI that is important to know for people using it: v11.9: allow-git flag; v11.10: min-release-age 🧵
Did my first talk regarding npm supply chain attacks at an internal developer conference last week. 🎉 My main talking point: Pay attention. It is so easy to mindlessly run an npm install without thinking about possible consequences. 🧵