Why fetching dependencies directly from VCS is more secure than centralized package registries
I’ve been writing Ruby at my new $dayjob in the last month. After spending most of the last decade writing Go it’s been a fun change of scenery. I did Ruby before (years ago) and I can’t really tell…
Read the full articleYou might also wanna read
Ruby Developer Explores Go: Key Differences in Program Structure and Execution
A Ruby developer documenting their transition to Go highlights the stark structural differences between the two languages. Unlike Ruby, whic
Golang Wrapper: Dependency Wrapping, in Go
All but the simplest applications borrow code. You could write everything yourself from just core language features but who has time for tha
The story of a mildly popular Ruby gem
The list on GitHub of repositories that depend on your repository is scary. There's something nice about writing and releasing a library, mo

The Hermit Operating System
How to Audit and Clean Up Dependencies in Legacy Front-End Projects
Legacy front-end projects often accumulate outdated, poorly documented dependencies over time as multiple developers contribute without cons
Curious Case of Embedded Executable in a Newly Introduced Transitive Dependency
A routine dependency upgrade introduced a suspicious transitive dependency with an embedded executable. While manual analysis confirmed it w

Comments
Sign in to join the conversation.
No comments yet. Be the first.