Npm on westerweel.work

Npm on westerweel.workhttps://westerweel.work/en/tags/npm/Recent content in Npm on westerweel.workHugoenMon, 18 May 2026 22:25:05 +0200Five config lines against supply-chain attacks (npm + PyPI)https://westerweel.work/en/posts/2026-05-18-npm-supply-chain-cooldown/Mon, 18 May 2026 00:00:00 +0000https://westerweel.work/en/posts/2026-05-18-npm-supply-chain-cooldown/npm yanks malicious versions within 24-48 hours; PyPI quarantines new uploads within hours. A seven-day cooldown — five config lines — turns that window into your defence.