Package Managers Content on InfoQ
-
Heuristic Static Analysis Tool GuardDog Used to Detect Several Malicious PyPi Packages
GuardDog is a new open source tool aimed at identifying malicious Python packages using Semgrep and package metadata analysis. Thanks to a set of source code heuristics, GuardDog can detect malicious packages never seen before and has been used to identify several malicious PyPI packages in the wild.
-
The JavaScript Coder's Guide to Getting More from GitHub and Npm - GitHub Satellite 2020
Edward Thomson, npm product manager at GitHub, recently explained at GitHub Satellite 2020 the implications of npm joining GitHub for JavaScript developers and how to get the best out of GitHub for both open source and professional work.
-
Import Maps - Guy Bedford at ESNEXT 2020
Guy Bedford, core contributor and creator of the dynamic module loader system.js, discussed the workflows enabled by import maps. In his talk at ESNEXT this year, Bedford took a historical view while introducing the motivation behind the import map proposal, and linked the feature with the package entry points used in the latest version of node.
-
pnpm: a Space-Efficient JavaScript Package Manager
pnpm is an npm-compatible package manager for JavaScript that offers significant improvements in both speed and disk space usage. With the release of version 5.0, it's time to take a serious look at what differentiates pnpm from the competition.
-
Npm, Inc. Announces Npm Pro for Independent JavaScript Developers
npm, Inc. recently announced the launch of npm Pro, designed for independent JavaScript developers. npm also rebranded its existing npm Orgs, which caters to teams of developers, as npm Teams.
-
GitHub Package Registry Integrates Source Code and Packages
GitHub launched a limited beta of its new Package Registry, aiming to simplify publishing public or private packages under the same user interface as source code. GitHub Package Registry supports npm, Maven, RubyGems, NuGet, and Docker images, and support for more package management tools is already on its roadmap.
-
Dependabot Automatically Creates GitHub PRs to Fix Your Vulnerabilities
Leveraging the GitHub Security Advisory API, Dependabot aims to help developers track their dependencies, monitor the security of their programs, and make sure any potential vulnerabilities are removed as easily as possible by automatically creating PRs to resolve them.
-
Homebrew 1.9 Adds Linux Support, Auto-Cleanup, and More
The latest release of popular macOS package manager Homebrew includes support for Linux, optional automatic package cleanup, and extended binary package support. InfoQ has spoken with Mike McQuaid, current maintainer of the project.
-
Kubernetes Package Manager Helm Now Hosted by the CNCF
Earlier in the month the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) voted to accept Helm as an incubation-level hosted project. Helm is a package manager that provides an “easy way to find, share, and use software built for Kubernetes”.
-
NPM Releases New Security Features
Today, Npm released new features that should help secure the package registry from attackers. The use of two-factor authentication and authentication token restrictions should help keep packagers more secure.
-
Yarn 1.0 Adds Workspaces, Auto-Merge and Selective Version Resolution
Almost a year ago we published the news Facebook Open Sources Yarn, a JavaScript Package Manager, introducing Yarn and the motivation behind its creation. The community has moved the project forward, releasing the first major version with workspaces, automatic merging, selective version resolution and many other features and fixes.
-
Npm 5.0 Boosts Common Sense Performance
Npm 5.0 is a highly anticipated release that has been years in coming. The new version of the JavaScript package manager has a completely rewritten cache and has performance that is more in line with its most direct competitor.
-
IBM Pushes Swift for the Cloud with Swift Runtime, Package Catalog, and More
After introducing their Swift sandbox, IBM have recently announced their next step to support Swift in the cloud by previewing IBM Swift runtime, Swift Package Catalog, and open-sourcing Kitura, a framework for Web app development.
-
Introducing Paket, a Package Manager for .NET
Paket is a package manager for .NET languages, intended to be an alternative to the popular NuGet. InfoQ reached out to Steffen Forkmann, co-creator of the project, to learn more about Paket's origin and features.
-
Container Manifests, Docker Labels, and the Implications on Security: A Q&A with Gareth Rushgrove
At DockerCon EU 2015, InfoQ sat down with Gareth Rushgrove, a senior software engineer at Puppet Labs, and explored the concepts behind his conference presentation “Shipping Manifests, Bill of Lading and Docker”. The range of topics discussed included the benefits of system package management (manifest) metadata, the use of Docker labels, and the implications on security and compliance audits.