We just recently switched from npm to pnpm, due to all the supply chain attacks. I did the PR for it, even.
Our release schedule is like a year though so we don’t really have to worry much about releasing compromised dependencies. But still, better to be on the safer side.
We just recently switched from npm to pnpm, due to all the supply chain attacks. I did the PR for it, even.
Our release schedule is like a year though so we don’t really have to worry much about releasing compromised dependencies. But still, better to be on the safer side.