pnpm is even worse. There is no way to bootstrap it without binary blobs making it an easy target supply chain attack waiting to happen that could hide in plain sight indefinitely.

▲

pjmlp 5 hours ago | parent [-]

Do you use Gentoo as OS?

	▲	lrvick 30 minutes ago \| parent [-]
		I did for over a decade, but it does not go far enough with supply chain security. I bootstrapped a new generation of Linux distribution from 180 bytes of human readable x86 machine code all the way up. https://stagex.tools