
NPM Supply Chain Security

November 27, 2025•1 min read
Tags: npm, security, supply chain

implementation

pnpm config

cat $(pnpm config get globalconfig)

# minutes a version must have been public before pnpm will install it (2880 = 48 h)
minimum-release-age=2880
# block versions whose publishing trust level dropped relative to an earlier release
trust-policy=no-downgrade
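Settings like these are only worth anything if they are actually present in the file pnpm reads, so the following added example (not from the original note) is a small shell preflight check for an rc file. It assumes the ini-style `key=value` lines pnpm's global config uses, that comments start with `#` or `;`, and that the last occurrence of a key wins; the 2880-minute floor is the value from this note. The two rc files it checks are constructed on the spot for the demonstration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original note: check that an npmrc-style
# config really carries the two hardening settings discussed above.
# Assumptions (not from the page): key=value lines, '#' or ';' comments,
# last occurrence of a key wins (ini semantics).

# Print the value of key $2 from rc file $1 (empty if unset).
npmrc_get() {
  local file="$1" key="$2"
  grep -v '^[[:space:]]*[#;]' "$file" 2>/dev/null \
    | sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" \
    | sed 's/[[:space:]]*$//' \
    | tail -n 1
}

# Exit 0 when $1 sets minimum-release-age >= $2 minutes (default 2880, the
# value used in this note) and trust-policy=no-downgrade; report each failure.
npmrc_hardening_check() {
  local file="$1" min_minutes="${2:-2880}" rc=0 age policy
  age="$(npmrc_get "$file" minimum-release-age)"
  policy="$(npmrc_get "$file" trust-policy)"

  if [ -z "$age" ]; then
    echo "FAIL: minimum-release-age is unset in $file (new releases install immediately)" >&2
    rc=1
  elif ! [ "$age" -ge "$min_minutes" ] 2>/dev/null; then
    echo "FAIL: minimum-release-age=$age is below the ${min_minutes}-minute floor" >&2
    rc=1
  fi
  if [ "$policy" != "no-downgrade" ]; then
    echo "FAIL: trust-policy is '${policy:-unset}', expected no-downgrade" >&2
    rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    echo "OK: $file enforces release age >= ${min_minutes} min and no-downgrade"
  fi
  return "$rc"
}

# Constructed sample configs for the demonstration (temporary files).
HARDENED_RC="$(mktemp)"
WEAK_RC="$(mktemp)"
cat > "$HARDENED_RC" <<'EOF'
# global pnpm config, as in this note
minimum-release-age=2880
trust-policy=no-downgrade
EOF
cat > "$WEAK_RC" <<'EOF'
; one hour is far too short for a malicious release to be noticed and pulled
minimum-release-age = 60
EOF

npmrc_hardening_check "$HARDENED_RC"
npmrc_hardening_check "$WEAK_RC" || echo "weak config rejected as expected"
```

To check the config pnpm really uses, pass the path from the command above: `npmrc_hardening_check "$(pnpm config get globalconfig)"`. Note that a project-level `.npmrc` can still override the global value, so running the check against the project file as well is worthwhile in CI.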

.zshrc config

# one-time installs: Socket Firewall (sfw) and npq
npm i -g sfw
npm i -g npq
# in .zshrc: route every pnpm call through sfw and npq; npq-hero delegates to pnpm via NPQ_PKG_MGR
alias pnpm="NPQ_PKG_MGR=pnpm sfw npq-hero"

The alias only covers interactive zsh sessions; scripts, CI jobs and `command pnpm` call the real binary and bypass both tools.

delete packages incl. cache

⚠️ be careful

# remove every node_modules below the current directory
find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
# drop store entries no longer referenced by any project
pnpm store prune
# more aggressive: wipe the whole content-addressable store
rm -rf $(pnpm store path)

sources

  • https://pnpm.io/supply-chain-security
  • https://github.com/lirantal/npm-security-best-practices
  • https://www.npmjs.com/package/npq
  • https://github.com/SocketDev/sfw-free

Last updated on November 27, 2025

© 2026 Johannes Konings. All rights reserved.