Some improvements to protect yourself (a bit) against malicious NPM packages, in light of the TanStack / Shai-Hulud thing that’s been making a bit of noise during the last 24h:
npm config set min-release-age=4
npm config set ignore-scripts=true
Note that min-release-age is pretty new (npm version ~11.10, released in early 2026, crazy isn’t it?)
To view all your config:
npm config list -l
Typical config files on Windows:
%APPDATA%\npm\node_modules\npm\npmrc
%USERPROFILE%\.npmrc
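As an added example (not from the original post), a small Node.js audit that parses npmrc text and reports whether the two settings above are still in effect once several config files are merged, since a higher-precedence file such as a project-level .npmrc can override the user one. The function names and sample file contents are constructed for illustration; the 11.10 threshold is the version this post gives for min-release-age.

```javascript
// Audit npmrc text for ignore-scripts and min-release-age (added example).
// `files` is ordered lowest to highest precedence, e.g. [builtin, user, project].
function parseNpmrc(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    // npmrc is ini-style: spaces around "=" are fine inside the file,
    // and a bare key with no "=" counts as true.
    const key = (eq === -1 ? line : line.slice(0, eq)).trim();
    const value = eq === -1 ? 'true' : line.slice(eq + 1).trim();
    out[key] = value.replace(/^(["'])(.*)\1$/, '$2'); // strip matching quotes
  }
  return out;
}

function versionAtLeast(version, major, minor) {
  const [maj, min] = version.replace(/^v/, '').split('.').map(Number);
  return maj > major || (maj === major && min >= minor);
}

function auditNpmConfig(files, npmVersion) {
  // Later files override earlier ones.
  const effective = Object.assign({}, ...files.map(parseNpmrc));
  const findings = [];
  if (effective['ignore-scripts'] !== 'true') {
    findings.push('ignore-scripts is not true: install scripts will run');
  }
  const age = Number(effective['min-release-age']);
  if (!Number.isFinite(age) || age <= 0) {
    findings.push('min-release-age is unset or zero: brand-new releases are installable');
  } else if (!versionAtLeast(npmVersion, 11, 10)) {
    // 11.10 is the approximate version the post gives for this option.
    findings.push(`min-release-age=${age} is set, but npm ${npmVersion} predates the option`);
  }
  return { effective, findings };
}

// Constructed sample files (not real configs).
const userRc = '; user config\nmin-release-age=4\nignore-scripts = true\n';
const projectRc = '# project override\nignore-scripts=false\n';

console.log(auditNpmConfig([userRc], '11.10.0').findings);
console.log(auditNpmConfig([userRc, projectRc], '11.10.0').findings);
console.log(auditNpmConfig([userRc], '10.9.2').findings);
```

Feed it the contents of the config files listed above together with the output of npm --version.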