
I don't know when this was added, but if you use Bun in your TypeScript project you may be familiar with bun upgrade, the CLI command for upgrading the packages you pin and depend on. You can now give it a "cool down period", meaning a package update doesn't count unless it has been published for at least X hours. This is critical for avoiding the installation of compromised npm packages. Sometimes a package gets hacked. If you were unlucky enough to upgrade to it within that window of time,...
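To make the cool-down rule concrete, here is an added example (not Bun's code, and not from the original post) of the selection logic such a feature needs: given a registry's version-to-publish-time map, pick the newest version that is at least N hours old. The package name and timestamps are constructed.

```typescript
// Registry metadata shaped like the npm registry's `time` map:
// version -> ISO 8601 publish timestamp, plus "created"/"modified" entries.
type TimeMap = Record<string, string>;

// Constructed data for a hypothetical package "example-lib".
const SAMPLE_TIMES: TimeMap = {
  created: "2024-01-01T00:00:00.000Z",
  modified: "2024-06-10T09:00:00.000Z",
  "1.4.0": "2024-03-01T00:00:00.000Z",
  "1.4.1": "2024-05-20T00:00:00.000Z",
  "1.10.0": "2024-06-09T12:00:00.000Z", // fresh: published under 24h before NOW
  "1.10.1": "2024-06-10T09:00:00.000Z", // fresher still: what a hijacked release looks like
};

// Stable versions only; pre-release tags and the created/modified keys are skipped.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)$/;

// Numeric semver comparison so that 1.10.0 sorts above 1.4.1 (string compare would not).
function compareSemver(a: string, b: string): number {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Returns the highest stable version published at least `cooldownHours` before `now`,
// or null when every version is still inside the cool-down window.
function pickCooledVersion(times: TimeMap, cooldownHours: number, now: Date): string | null {
  const cutoff = now.getTime() - cooldownHours * 3600 * 1000;
  let best: string | null = null;
  for (const [version, published] of Object.entries(times)) {
    if (!SEMVER.test(version)) continue;
    if (Date.parse(published) > cutoff) continue; // too new: not yet eligible
    if (best === null || compareSemver(version, best) > 0) best = version;
  }
  return best;
}

const NOW = new Date("2024-06-10T10:00:00.000Z");
console.log(pickCooledVersion(SAMPLE_TIMES, 24, NOW)); // "1.4.1": both 1.10.x are under 24h old
console.log(pickCooledVersion(SAMPLE_TIMES, 0, NOW));  // "1.10.1": no cool-down, newest wins
```

With a 24-hour cool-down the freshly published 1.10.x releases are ignored and the upgrade resolves to 1.4.1, which is exactly the window that gives maintainers and the registry time to pull a malicious release before it reaches your lockfile.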
