
npm and pnpm Introduce Staged Package Publishing
Staged publishing lets you upload to the registry, verify, then promote — reducing supply-chain blast radius. Plus pnpm 11.3 trustLockfile and npm 12 prerelease.

Tag
All blog posts with this tag.

Staged publishing lets you upload to the registry, verify, then promote — reducing supply-chain blast radius. Plus pnpm 11.3 trustLockfile and npm 12 prerelease.

Concatenation, template literals, and innocent-looking sql variables — why reviews miss them and how eslint-plugin-pg catches them statically.

40% of teams cite security as the top barrier to scaling agentic AI. Docker Sandboxes, Engine hardening, and governance for autonomous code.

arXiv preprint: attackers split harmful tasks across benign-looking sessions — clustering weak signals catches misuse ~30% earlier with negligible latency for most traffic.

ignore-scripts, npm ci, provenance, and lockfile review—layered defenses when node_modules holds thousands of transitive packages.