pnpm
No mentions found
This entity hasn't been tracked yet, or Iris is still building its knowledge base.
Related Articles from SNS
Silurus/ooxml: Pixel-faithful Office documents, rendered in the browser
This entire codebase — Rust parsers, TypeScript renderers, tests, and tooling — was implemented by Claude (Anthropic's AI assistant) through iterative prompting. No human-written application code exists in this repository. A browser-based viewer for Office Open XML documents that renders to an HTML Canvas element.
Show HN: DepsGuard – one command to harden NPM/pnpm/yarn/bun/uv configs
I kept seeing every npm/pnpm/yarn/bun/uv supply chain post end with the same advice (set a minimum release age, turn off install scripts), and while I know cooldowns are "controversial", they do work. But even if you convince people that they should set cooldowns, it seems many don't end up following through, not sure why, maybe because it means hand-editing five config files in five formats with five different time units, or perhaps the "it won't happen to me" syndrome (or "I'll do it...
Show HN: Tired of duct-taping access control into agent prompts. Here's the fix
Cast is an open-source harness for multi-user, multi-agent systems. Self-hosted, MIT, runs on a Mac Mini. The access rule is a sentence in the prompt.
GitHub pulls pin on npm's auto-run scripts
GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs scripts from every transitive dependency, so a single compromised package anywhere in your tree can execute arbitrary code on a developer machine or...