pnpm does all that on top of node. Also disables postinstall scripts by default, making the recent security incidents we've seen a non-issue.

▲

junon 3 hours ago | parent | next [-]

As the victim of the larger pre-Shai-Hulud attack, unfortunately the install script validation wouldn't have protected you. Also, if you already have an infected package on the whitelist, a new infection in the install script will still affect you.

▲

antihero 5 hours ago | parent | prev | next [-]

I’m not sure why but bun still feels snappier.

	▲	B56b 4 hours ago \| parent \| next [-]
		This is why: https://bun.com/blog/behind-the-scenes-of-bun-install
	▲	babyshake 4 hours ago \| parent \| prev [-]
		Aside from speed, what would the major selling points be on migrating from pnpm to bun?

▲

daheza 4 hours ago | parent | prev [-]

Are there any popular packages that require postinstall scripts that this hurts?