The Seattle Times is piloting pnpm’s client-side defenses—blocked lifecycle scripts, release cooldowns, and trust policy—to stop worms like Shai-Hulud 2.0 before they land. Read their story: pnpm.io/blog/2025/12...