Hardening Yarn Against Supply Chain Attacks
A few lines in .yarnrc.yml and a small package.json allowlist that buy you real protection against the kind of supply chain attacks that have been hitting the JS ecosystem lately.

A few small changes to .npmrc, a shell wrapper and a couple of dev dependencies that buy you real protection against the kind of supply chain attacks that have been hitting npm lately.