pnpm is even worse. There is no way to bootstrap it without binary blobs, making it an easy target: a supply chain attack waiting to happen that could hide in plain sight indefinitely.
Do you use Gentoo as your OS?
I did for over a decade, but it does not go far enough with supply chain security.
I bootstrapped a new generation of Linux distribution from 180 bytes of human readable x86 machine code all the way up.
https://stagex.tools
You should probably caveat any post you make about security concerns with that, so people can more easily judge whether your concerns line up with their threat model.