What is the idea?
Migrate off of the npm CLI and on to the pnpm CLI.
What problem does it solve?
There has been an increasing number of supply chain attacks involving the npm CLI executing build scripts by default. pnpm does not execute these scripts by default so it's safer.