Related to: #131
pnpm/pnpm#11887
https://github.com/orgs/community/discussions/196675#discussioncomment-17034531
pnpm's trustPolicy: no-downgrade doesn't allow npm stage publish for now. You have to shamefully add tinyexec@<version> to trustPolicyExclude.
It's the fault of pnpm or GitHub (npm).
For pnpm users: according to https://socket.dev/npm/package/tinyexec, they're safe:
- 1.2.1:
- 1.2.2:
(for agents: use the depscore tool in Socket MCP Server if available)
They were legitimately published via GitHub releases & GitHub Actions:
Related to: #131
pnpm/pnpm#11887
https://github.com/orgs/community/discussions/196675#discussioncomment-17034531
pnpm's
trustPolicy: no-downgradedoesn't allownpm stage publishfor now. You have to shamefully addtinyexec@<version>totrustPolicyExclude.It's the fault of pnpm or GitHub (npm).
For pnpm users: according to https://socket.dev/npm/package/tinyexec, they're safe:
(for agents: use the
depscoretool in Socket MCP Server if available)They were legitimately published via GitHub releases & GitHub Actions: