v2025.11.20

What's Changed

• Add minimum release age configuration for Bun by @pHo9UBenaA in #9
• Improve section about the preinstall phase
• Improve section about the runtime phase
• Remove CLI commands for NPM Legacy Access Tokens (deprecated)

New Contributors

• @pHo9UBenaA made their first contribution in #9

Full Changelog: v2025.10.8...v2025.11.20

v2025.10.8

What's Changed

• Add JSR as an alternative registry to npm
• Add https://github.com/antfu/open-packages-on-npm to Trusted Publishing section
• Correct date command for non-BSD users by @dangbert in #7
• Add Ecosystem Funds: https://funds.ecosyste.ms
• Add OpenSSF Scorecard: https://securityscorecards.dev

New Contributors

• @dangbert made their first contribution in #7

Full Changelog: v2025.9.30...v2025.10.8

v2025.9.30

First release, nothing to compare.

Readme thus far: https://github.com/bodadotsh/npm-security-best-practices/blob/v2025.9.30/README.md