Home / Companies / Socket / Blog / Post Details
Content Deep Dive

pnpm 11.10 Hardens Registry Authentication to Block Token Redirection

Blog post from Socket

Post Details
Company
Date Published
Author
Sarah Gooding
Word Count
514
Company Posts That Month
6
Language
English
Hacker News Points
-
Post removed?
No
Summary

pnpm 11.10 introduces several supply chain security enhancements, notably a new method for configuring registry authentication that prevents registry tokens from being redirected to different hosts. This update includes an _auth setting that ties each token to its registry, ensuring credentials travel securely and are read only from the environment or global config. The release also resolves a previous issue where authentication was broken due to changes in handling environment variables for registry credentials. Alongside security improvements, pnpm 11.10 provides an installation path for pnpm v12, a Rust rewrite aimed at improving installation speed and reducing overhead, even though it is still in pre-release. Additional security measures include rejecting output paths outside the project and addressing a prototype pollution vulnerability. This release continues pnpm's trend of enhancing supply chain security by enforcing stricter controls and protecting against potential threats in repository files.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.