惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

PCI Perspectives
PCI Perspectives
C
CERT Recently Published Vulnerability Notes
Project Zero
Project Zero
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threatpost
NISL@THU
NISL@THU
H
Help Net Security
G
Google Developers Blog
S
Securelist
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
MyScale Blog
MyScale Blog
V
Vulnerabilities – Threatpost
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
T
Tenable Blog
M
MIT News - Artificial intelligence
罗磊的独立博客
WordPress大学
WordPress大学
I
Intezer
V2EX - 技术
V2EX - 技术
Schneier on Security
Schneier on Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Secure Thoughts
C
Cybersecurity and Infrastructure Security Agency CISA
Recent Announcements
Recent Announcements
S
SegmentFault 最新的问题
有赞技术团队
有赞技术团队
H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Cisco Blogs
大猫的无限游戏
大猫的无限游戏
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
Lohrmann on Cybersecurity
The GitHub Blog
The GitHub Blog
The Cloudflare Blog
宝玉的分享
宝玉的分享
腾讯CDC
V
Visual Studio Blog
Google DeepMind News
Google DeepMind News
美团技术团队
H
Heimdal Security Blog
Hugging Face - Blog
Hugging Face - Blog
The Last Watchdog
The Last Watchdog
L
LINUX DO - 热门话题
Spread Privacy
Spread Privacy
博客园 - 司徒正美
博客园 - Franky
W
WeLiveSecurity

Eleventy Blog

New Sponsorship Tiers for the Build Awesome Kickstarter How We Use GitHub Issues and How That’s Changing Back Build Awesome Pro and make it easier to build for the web! The Possum Mascot, now with additional Awesome Collaborative Editing as Progressive Enhancement Eleventy is now Build Awesome Eleventy, 2025 in Review Eleventy Core Dependency Watch (2025 Edition) The Eleventy Community Survey (2025)
Securely Publishing our Packages to npm
Zach Leather · 2026-06-07 · via Eleventy Blog

As we harden our release practices in the wake of numerous recent vulnerabilities in npm packages amongst high profile authors, it seems worthwhile to celebrate a major milestone for 11ty core and our official suite of plugins: we are now npm Access Token-free!

The @11ty/* ecosystem on npm is now fully migrated to Trusted Publishers.

If you’re interested in taking steps to improve your own security footprint, you can read more about the steps we took at No more tokens! Locking down npm Publish Workflows

No more tokens! Locking down npm Publish Workflows

Dependency Watch

In this same vein, as a project Eleventy has continuously and relentlessly focused on reducing our dependency footprint. You may remember the latest Dependency Watch on our v3.1.0 core release notes:

Version Production Dep Count Production Size
v3.1.0 ×142 21.4 MB
v3.0.0 ×187 27.4 MB
v2.0.1 ×215 36.4 MB
v1.0.2 ×356 73.3 MB

Very astute observers may also be eyeing the upcoming 4.0 canaries which include even more improvements to these numbers! v4.0.0-alpha.4 is 16.6 MB with ×131 deps (with more improvements on the way)!


More Blog Posts