Recently our project upgraded to pnpm 11. While maintaining the project dependencies, I took a look at how pnpm audit --fix fixes vulnerabilities. pnpm audit itself is easy to understand: it checks whether dependencies in the lockfile match known vulnerabilities. But once --fix enters the picture, things become a little more subtle.
[ Security ]
You might have heard of the new CAPTCHA scam that asks you to press Windows + R to verify that you are human. It shows a popup and walks you through a "verification" step: press Windows + R, then Ctrl + V, then Enter. You probably already know how it works, but this time let's take a closer look at their code.