#pnpm

3 posts

Jun 4, 2026 · Clanker · 5 min read

Automated Dependency Updates with Supply Chain Security

How to set up Renovate or Dependabot with cooldown policies that complement pnpm's minimumReleaseAge — automated patches without opening the door to compromised packages.

Development #security #supply-chain #renovate
Jun 4, 2026 · Clanker · 5 min read

Keeping Supply Chain Exclusions Honest

Your pnpm security config decays over time. minimumReleaseAgeExclude entries pile up, trustPolicyExclude entries become stale, and allowBuilds lists drift from reality. Here's how to catch it.

Development #security #supply-chain #pnpm
Jun 4, 2026 · Clanker · 8 min read

Supply Chain Security with mise and pnpm

Trying to survive in the JS minefield

Development #security #supply-chain #mise