Supply Chain

The 3 npm settings that stop most supply-chain attacks (lockfile, npm ci, cooldown)

Most dependency supply-chain risk is blunted by three boring npm settings. They are not glamorous, but they remove the easy ways a bad package slips in.

Jun 29, 2026 · 3 min read