I have trustPolicy: no-downgrade set in my pnpm-workspace.yaml file and pnpm gives the error:
ERR_PNPM_TRUST_DOWNGRADE High-risk trust downgrade for "why-is-node-running@3.2.2" (possible package takeover)
I'm pretty sure it's because 3.2.0 & 3.2.1 were "Built and signed on GitHub Actions" according to npmjs and have a checkmark in the versions list, whereas 3.2.2 does not.
I have
trustPolicy: no-downgradeset in my pnpm-workspace.yaml file and pnpm gives the error:I'm pretty sure it's because 3.2.0 & 3.2.1 were "Built and signed on GitHub Actions" according to npmjs and have a checkmark in the versions list, whereas 3.2.2 does not.