# NPM Supply-Chain Attacks

I recommend enforcing use of [AikidoSec/safe-chain](https://github.com/AikidoSec/safe-chain) (or similar tools) in developers' setups, as well as in CI/CD.

While a per-project minimum release date setting is becoming generally available in most package managers, I still believe this solution is the better one, as it does far more to reduce the risk of developers on your team being compromised.
