Zoltan Kochan

• Reposted by Zoltan Kochan
  
  Party Like It’s 1939 handle.invalid · Dec 16, 2025
  Therein lies the rub: AI cannot have “ideas” of its own. Every “idea” you thought AI had came from a person, either through prompting or theft. The way to jumpstart the “idea machine” is to have people focused less on survival and more on living passionately.
  • 
    Vox vox.com · Dec 15, 2025
    America, you have spoken loud and clear: You do not like AI. But what if AI is the way to restart the world’s idea machine?
    

    We’re running out of good ideas. AI might be how we find new ones.

    What if the best use of AI is restarting the world’s idea machine?

    vox.com
  1

  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  pnpm pnpm.io · Dec 8, 2025
  The Seattle Times is piloting pnpm’s client-side defenses—blocked lifecycle scripts, release cooldowns, and trust policy—to stop worms like Shai-Hulud 2.0 before they land. Read their story: pnpm.io/blog/2025/12...
  

  How We're Protecting Our Newsroom from npm Supply Chain Attacks | pnpm

  We got lucky with Shai-Hulud 2.0.

  pnpm.io
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Piotrek Koszuliński pkoszulinski.bsky.social · Nov 24, 2025
  Yet another reminder to use @pnpm.io's minimum dependency age. pnpm.io/settings#min...
  
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postDownload imageShow all post labels
• Reposted by Zoltan Kochan
  
  pnpm pnpm.io · Nov 10, 2025
  🚀 pnpm v10.21 is out! This release introduces two powerful new security & compatibility features: 1️⃣ Automatic Node.js runtime installation for dependencies 2️⃣ Configurable trust policy for detecting supply-chain downgrades 🧵👇
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  ECMAScript.News ecmascript.news · Nov 10, 2025
  pnpm 10.21: installing Node.js runtimes for dependencies, not installing dependencies with decreased trust levels, and more @kochan.io @pnpm.io pnpm.io/blog/release... #ECMAScript #JavaScript
  

  pnpm 10.21 | pnpm

  Added support for Node.js runtime installation for dependencies and a setting for configuring trust policy.

  pnpm.io
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  dominikg dominikg.dev · Nov 10, 2025
  @pnpm.io added a `trustPolicy` option in 10.21. It allows you to prevent installing potentially malicious dependency updates that are not signed like previous versions. pnpm.io/blog/release... Thank you for all the performance, productivity and security enhancements over the last years 💜
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Software Engineering Daily softwaredaily.bsky.social · Sep 18, 2025
  Zoltan Kochan is a full stack web developer and the creator of @pnpm.io. He joins the show with @joshuakgoldberg.com to talk about the state of package management for web dev. @kochan.io softwareengineeringdaily.com/2025/09/18/p...
  

  pnpm with Zoltan Kochan - Software Engineering Daily

  Traditional package management systems for JavaScript have faced several inefficiencies related to dependency storage, resolution, and project performance. pnpm is a fast, disk-efficient package manag...

  softwareengineeringdaily.com
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Socket socket.dev · Sep 15, 2025
  After recent npm supply chain attacks, @pnpm.io 10.16 adds a setting for delayed dependency updates. Tools like Taze and npm-check-updates are testing similar “maturity” options, hinting at a cautious new trend in #JavaScript package management. socket.dev/blog/pnpm-10... #NodeJS
  

  pnpm 10.16 Adds New Setting for Delayed Dependency Updates -...

  pnpm's new minimumReleaseAge setting delays package updates to prevent supply chain attacks, with other tools like Taze and NCU following suit.

  socket.dev
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Sep 15, 2025
  Wow, Hollywood is so creative
  
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postDownload imageShow all post labels
• 
  Zoltan Kochan kochan.io · Jul 31, 2025
  I feel like pnpm will eventually grow from being a "npm alternative" to being a "nix alternative" but "pnix" doesn't sound appropriate 😂
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Jul 31, 2025
  With the changes to the lockfile format and the new types of fetchers that were added to pnpm, now it is really easy to make pnpm an installer for anything bsky.app/profile/pnpm...
  • 
    pnpm pnpm.io · Jul 31, 2025
    pnpm v10.14 is shipped with support for runtime engine installation. Node, Deno, and Bun are supported. pnpm.io/blog/release...
    
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Alex Strook 🐭⚡️SQUEAKROSS alexstrook.bsky.social · Jul 5, 2025
  when you open a service you've been using for a decade only to find it out it caught the virus
  
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postDownload imageShow all post labels
• Reposted by Zoltan Kochan
  
  pnpm pnpm.io · Jul 3, 2025
  Replying to pnpm
  The pnpm repository has 32K stars!
  
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postDownload imageShow all post labels
• 
  Zoltan Kochan kochan.io · Jun 27, 2025
  I am thinking about a better name for the pnpm "virtual store". Which is where the dependency is written with its unique dependency graph. I couldn't find any prior art to this. Maybe "Package Context" could work. Or "fully resolved package store" but that's long.
  1

  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Jun 27, 2025
  For context, this is what I am talking about: pnpm.io/settings#ena...
  

  Settings (pnpm-workspace.yaml) | pnpm

  pnpm gets its configuration from the command line, environment variables, pnpm-workspace.yaml, and

  pnpm.io
  1

  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Jun 28, 2025
  I think dependency graph store is the best option github.com/pnpm/pnpm.io...
  

  docs: rename virtual store to dependency graph store by zkochan · Pull Request #683 · pnpm/pnpm.io

  github.com
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Jun 26, 2025
  Many packages request funding by printing message with postinstall scripts. What if instead of requesting funding we would promote sponsors? After all, we want companies to sponsor open source projects as they are the ones that make profit from it.
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Jun 25, 2025
  A lot of packages use postinstall scripts for printing out messages about funding. Could there be a better way to do this? pnpm doesn't even print the outputs from these scripts.
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Jun 25, 2025
  🚀 Check out what we’ve been building at Bit: Hope AI: Architect agent that builds professional software www.producthunt.com/products/hop...
  

  Hope AI: Architect agent that builds professional software | Product Hunt

  Build maintainable, production-grade applications. Control generation at component-level with prompts and design sketches. Compose with design system and reusable components. Deploy instantly. Generat...

  producthunt.com
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Maël Nison mael.dev · Jun 12, 2025
  @kochan.io's talk about configDependencies made me realize we forgot to document remote plugins on the Yarn website 🙈
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Maël Nison mael.dev · Jun 12, 2025
  Package manager summit with @kochan.io at #JSNation !
  
  1

  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postDownload imageShow all post labels
• Reposted by Zoltan Kochan
  
  Anton Stoychev stoychev.dev · Jun 3, 2025
  Ton of npm libs use github.com/cosmiconfig/... to load their config files. But, today I learned, if nodejs dies, the temporarily file created by cosmiconfig remains 🤷‍♂️ I fixed this locally in 5 mins thanks to the amazing patch ability of @pnpm.io (kudos @kochan.io!) and the LLMs era of code editors
  

  GitHub - cosmiconfig/cosmiconfig: Find and load configuration from a package.json property, rc file, TypeScript module, and more!

  Find and load configuration from a package.json property, rc file, TypeScript module, and more! - cosmiconfig/cosmiconfig

  github.com
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · Jun 3, 2025
  So... I was working on making @pnpm.io a tad faster 😜 youtu.be/pNDFfJvaubY?...
  

  A short demo of pnpm's speed with a new experimental option

  YouTube video by pnpm

  youtu.be
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · May 16, 2025
  I have copied over the list of trusted dependencies maintained by bun. So, you can use it with @pnpm.io if you want: github.com/pnpm/trusted...

  GitHub - pnpm/trusted-deps

  Contribute to pnpm/trusted-deps development by creating an account on GitHub.

  github.com
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• 
  Zoltan Kochan kochan.io · May 6, 2025
  I have searched Github for usages of "config dependencies". Found a single project for now: github.com/PSDTools/psd... This is a hook that removes polyfills from dependencies if they are not needed.

  https://github.com/PSDTools/psdtools.github.io/blob/dd17f4f04d05b7560a8745557d9e99673d5369ad/pnpm-workspace.yaml#L167

  github.com
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Aviv Keller aviv.sh · May 2, 2025
  We’re excited to share that the @nodejs.org website (nodejs.org) now builds using @pnpm.io! This switch has led to faster CI builds and more efficient dependency management.
  

  Node.js — Run JavaScript Everywhere

  Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine.

  nodejs.org
  1

  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels
• Reposted by Zoltan Kochan
  
  Wes Bos wesbos.com · May 1, 2025
  pnpm patch is a LIFE SAVER
  • 
    Syntax syntax.fm · May 1, 2025
    [Not loaded yet]
  Repost Quote post

  View on BlueskyCopy Bluesky URLCopy post URLTranslate postShow all post labels