Keeping your cheese safe: raclette 0.1.11 release
Hi there,
This week's update is a little less flashy, but no less important. 🧀
While raclette usually brings new features to the table, this round is all about security.
npm supply chain attack (Shai-Hulud)
In mid-September, the largest npm supply chain attack so far hit the ecosystem. It served as a sharp reminder of how fragile trust in dependencies can be, and why discipline in dependency management is essential.
We took this as the perfect moment to complete something we had already planned:
➡️ All @raclettejs packages now pin their dependencies to fixed versions. No more caret (^) ranges. No surprises sneaking in when you install.
This means:
- Every dependency version we use is reviewed and audited.
- Lockfiles are cross-checked for integrity.
- raclette apps stay safe from compromised packages pulled in at the wrong time.
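A check along these lines, as an added example (not raclette's own tooling): it flags every dependency spec that is not a single exact version, then cross-checks a package-lock.json `packages` map for missing integrity hashes and for drift from the pinned version. The package names, manifest and lockfile are constructed sample data.

```javascript
// Added example with constructed inputs; not part of the raclette code base.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Every dependency whose spec is not one exact version:
// caret/tilde ranges, wildcards, dist-tags, git or URL specs.
function findUnpinned(pkg) {
  const out = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT.test(spec)) out.push({ section, name, spec });
    }
  }
  return out;
}

// Lockfile cross-check (lockfileVersion 2/3 "packages" map): each installed
// entry needs an integrity hash, and each pinned direct dependency must be
// locked at exactly the pinned version.
function checkLock(pkg, lock) {
  const packages = lock.packages || {};
  const problems = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "" || entry.link || entry.inBundle) continue; // root, links, bundled
    if (!entry.integrity) problems.push(`${path}: missing integrity`);
  }
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT.test(spec)) continue; // already reported by findUnpinned
      const locked = packages[`node_modules/${name}`];
      if (!locked || locked.version !== spec) {
        problems.push(`${name}: pinned ${spec}, locked ${locked ? locked.version : "nothing"}`);
      }
    }
  }
  return problems;
}

// Constructed sample manifest and lockfile (placeholder package names).
const samplePkg = {
  dependencies: { "example-a": "1.4.2", "example-b": "^2.0.0" },
  devDependencies: { "example-c": "3.1.0", "example-d": "latest" },
};
const sampleLock = { packages: {
  "": { name: "demo-app", version: "0.0.1" },
  "node_modules/example-a": { version: "1.4.2", integrity: "sha512-CONSTRUCTED" },
  "node_modules/example-b": { version: "2.3.1" },
  "node_modules/example-c": { version: "3.1.1", integrity: "sha512-CONSTRUCTED" },
} };
console.log(findUnpinned(samplePkg), checkLock(samplePkg, sampleLock));
```

Run in CI against the real `package.json` and `package-lock.json`, a non-empty result from either function is a reason to fail the build before `npm ci` installs anything.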
Want the bigger picture?
We wrote up our thoughts on npm security, why raclette takes a stricter approach, and what our strategy is for the future of application security with raclette.
📦 Releases this week:
- @raclettejs/core: v0.1.10 → v0.1.11
- @raclettejs/workbench: v0.1.10 → v0.1.11
- @raclettejs/types: v0.1.1 → v0.1.11
- @raclettejs/plugin-cli-connector: v0.1.0 → v0.1.1
All updated to the latest NPM dependencies and pinned for maximum stability. No new features this week, just making sure your foundation stays rock solid.
Thanks for following along and building with us. Not every week needs fireworks; sometimes it's enough to know your cheese is safe from mold.
Until next melt,
Sincerely yours, The Cheesy People
Newsletter from September 19, 2025