kamiazya
web-csv-toolbox
Performance History
Latest Results
Version Packages (#615) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
main
13 days ago
build(deps): bump tinybench from 2.9.0 to 6.0.0

Bumps [tinybench](https://github.com/tinylibs/tinybench) from 2.9.0 to 6.0.0.
- [Release notes](https://github.com/tinylibs/tinybench/releases)
- [Commits](https://github.com/tinylibs/tinybench/compare/v2.9.0...v6.0.0)

---
updated-dependencies:
- dependency-name: tinybench
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot/npm_and_yarn/tinybench-6.0.0
30 days ago
build(deps-dev): bump @changesets/cli from 2.29.7 to 2.29.8

Bumps [@changesets/cli](https://github.com/changesets/changesets) from 2.29.7 to 2.29.8.
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/commits)

---
updated-dependencies:
- dependency-name: "@changesets/cli"
  dependency-version: 2.29.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot/npm_and_yarn/changesets/cli-2.29.8
30 days ago
feat: implement multi-layered supply chain attack defense (#617)

* feat: implement multi-layered supply chain attack defense

  Implement comprehensive protection against npm supply chain attacks (such as Shai-Hulud 2.0) using a three-layer defense strategy.

  Layer 1: New Package Release Delay
  - Add minimumReleaseAge (48 hours) to pnpm-workspace.yaml
  - Blocks installation of recently published packages
  - Provides time buffer for community to detect malicious updates

  Layer 2: Install Script Prevention
  - Configure ignore-scripts=true in .npmrc
  - Prevents execution of preinstall/postinstall scripts
  - Includes whitelist support via onlyBuiltDependencies (currently unused)

  Layer 3: Continuous Vulnerability Scanning
  - Add OSV-Scanner workflow for dependency scanning
  - Integrate security scan into CI/CD pipeline
  - Fail builds on detected vulnerabilities

  Documentation:
  - Add comprehensive supply chain protection section to SECURITY.md
  - Document configuration, trade-offs, and compromise detection
  - Include references to defense resources

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude <noreply@anthropic.com>

* fix: pin OSV-Scanner action to specific commit SHA

  Pin google/osv-scanner-action to v2.3.0 (b77c075) instead of using floating ref @main for improved security and reproducibility.

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude <noreply@anthropic.com>

* fix: correct pnpm whitelist configuration key

  Change onlyBuiltDependencies to only-built-dependencies (kebab-case) to match pnpm's actual configuration format.

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude <noreply@anthropic.com>

* fix: correct typo in malicious repo search example

  Change "Sha1-Hulud" to "Shai-Hulud" to match the actual attack name.

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude <noreply@anthropic.com>

* docs: add inline comment clarifying minimumReleaseAge unit

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude <noreply@anthropic.com>

* chore: add changeset for supply chain defense

  🤖 Generated with [Claude Code](https://claude.com/claude-code)
  Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
main
1 month ago
chore: add changeset for supply chain defense 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
security/supply-chain-defense
1 month ago
fix: correct typo in malicious repo search example Change "Sha1-Hulud" to "Shai-Hulud" to match the actual attack name. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
security/supply-chain-defense
1 month ago
fix: correct pnpm whitelist configuration key Change onlyBuiltDependencies to only-built-dependencies (kebab-case) to match pnpm's actual configuration format. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
security/supply-chain-defense
1 month ago
feat: implement multi-layered supply chain attack defense

Implement comprehensive protection against npm supply chain attacks (such as Shai-Hulud 2.0) using a three-layer defense strategy.

Layer 1: New Package Release Delay
- Add minimumReleaseAge (48 hours) to pnpm-workspace.yaml
- Blocks installation of recently published packages
- Provides time buffer for community to detect malicious updates

Layer 2: Install Script Prevention
- Configure ignore-scripts=true in .npmrc
- Prevents execution of preinstall/postinstall scripts
- Includes whitelist support via onlyBuiltDependencies (currently unused)

Layer 3: Continuous Vulnerability Scanning
- Add OSV-Scanner workflow for dependency scanning
- Integrate security scan into CI/CD pipeline
- Fail builds on detected vulnerabilities

Documentation:
- Add comprehensive supply chain protection section to SECURITY.md
- Document configuration, trade-offs, and compromise detection
- Include references to defense resources

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
security/supply-chain-defense
1 month ago
Active Branches
build(deps): bump tinybench from 2.9.0 to 6.0.0
last run
30 days ago
#619
CodSpeed Performance Gauge
N/A
build(deps-dev): bump @changesets/cli from 2.29.7 to 2.29.8
last run
30 days ago
#618
CodSpeed Performance Gauge
×3.5
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0
last run
2 months ago
#558
CodSpeed Performance Gauge
-89%