
























As we harden our release practices in the wake of numerous recent vulnerabilities in npm packages from high-profile authors, it seems worthwhile to celebrate a major milestone for 11ty core and our official suite of plugins: we are now npm Access Token-free!
The @11ty/* ecosystem on npm is now fully migrated to Trusted Publishers.
If you’re interested in taking steps to improve your own security footprint, you can read more about the steps we took in “No more tokens! Locking down npm Publish Workflows”.
In this same vein, as a project, Eleventy has continuously and relentlessly focused on reducing our dependency footprint. You may remember the latest Dependency Watch in our v3.1.0 core release notes:
| Version | Production Dep Count | Production Size |
|---|---|---|
| v3.1.0 | ×142 | 21.4 MB |
| v3.0.0 | ×187 | 27.4 MB |
| v2.0.1 | ×215 | 36.4 MB |
| v1.0.2 | ×356 | 73.3 MB |
Very astute observers may also be eyeing the upcoming 4.0 canaries which include even more improvements to these numbers! v4.0.0-alpha.4 is 16.6 MB with ×131 deps (with more improvements on the way)!