TypeScript·/u/root0ps·3 days ago

pnpm 11 feels like the first Node.js package manager update in a while that actually improves supply chain security by default.

Features like:

- minimumReleaseAge
- blockExoticSubdeps
- allowBuilds

directly reduce the risk of malicious package installs in CI/CD pipelines.

I wrote a short deep dive on why I think pnpm is now a better default than npm for production workloads.

Curious what others here are using in production today.
