Pinhead77@piefed.social to Selfhosted@lemmy.world • 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE • 1 day ago
You can use pnpm instead of npm. pnpm has a “Delay dependency updates” feature where you can install package versions that are x old only.
See https://pnpm.io/supply-chain-security#delay-dependency-updates
Edit: I just found out that this can also be specified in npm and yarn: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104
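
What a release-age delay does at resolution time, as an added example that is not part of the comment above and not pnpm's own code: it picks the newest version whose publish timestamp is older than a cooldown window, so a release pushed hours ago is skipped. The function names, the 1440-minute window and the sample metadata (shaped like the `time` field of npm registry package metadata) are constructed for illustration.

```javascript
// Constructed sample shaped like the "time" field of npm registry package metadata.
const sampleTime = {
  created: "2024-01-10T09:00:00.000Z",
  modified: "2025-06-02T08:30:00.000Z",
  "1.4.0": "2025-03-01T12:00:00.000Z",
  "1.4.1": "2025-05-20T12:00:00.000Z",
  "1.5.0": "2025-06-02T08:30:00.000Z", // published 3.5 hours before "now"
};

// Compare plain x.y.z versions numerically (pre-release tags are out of scope here).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return versions published at least minAgeMinutes before `now`, oldest first.
function eligibleVersions(time, minAgeMinutes, now) {
  const cutoff = now.getTime() - minAgeMinutes * 60 * 1000;
  return Object.entries(time)
    .filter(([key]) => /^\d+\.\d+\.\d+$/.test(key)) // skip created/modified
    .filter(([, published]) => {
      const t = Date.parse(published);
      return !Number.isNaN(t) && t <= cutoff; // unparseable dates are never eligible
    })
    .map(([version]) => version)
    .sort(compareVersions);
}

// Newest version that has aged past the cooldown, or null if none has.
function pickVersion(time, minAgeMinutes, now) {
  const ok = eligibleVersions(time, minAgeMinutes, now);
  return ok.length ? ok[ok.length - 1] : null;
}

const now = new Date("2025-06-02T12:00:00.000Z"); // fixed clock for a repeatable run
console.log("no delay:   ", pickVersion(sampleTime, 0, now));
console.log("1 day delay:", pickVersion(sampleTime, 1440, now));
```
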