T1195.001 Compromise Software Dependencies and Development Tools
98%
“pnpm 11 enables default release-age guard to curb npm supply chain attacks pnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. the most significant ch…”
T1195.001 Compromise Software Dependencies and Development Tools
95%
“attacker compromises a maintainer account and uploads a backdoored version, pnpm users with default settings will not install that version immediately, giving maintainers and registries time to detect and remove it. blocking exotic subdependencies pnpm 11 also enables blockexotic…”
T1195.001 Compromise Software Dependencies and Development Tools
94%
“, clearer policy: teams define which packages are allowed to build scripts. this makes it easier to enforce strict controls and reduce unintended code execution during installs. the release closely follows the discovery of the mini shai-hulud campaign, which compromised packag…”
T1587 Develop Capabilities
88%
“attacker compromises a maintainer account and uploads a backdoored version, pnpm users with default settings will not install that version immediately, giving maintainers and registries time to detect and remove it. blocking exotic subdependencies pnpm 11 also enables blockexotic…”
T1587 Develop Capabilities
76%
“pnpm 11 enables default release-age guard to curb npm supply chain attacks pnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. the most significant ch…”
T1587 Develop Capabilities
31%
“, clearer policy: teams define which packages are allowed to build scripts. this makes it easier to enforce strict controls and reduce unintended code execution during installs. the release closely follows the discovery of the mini shai-hulud campaign, which compromised packag…”
Summary
pnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. The most significant change in pnpm 11 is the introduction of a default Minimum Release Age of 24 hours (1440 minutes). This means newly published package versions are not eligible […]