Tag: #dependency-management

A hash proves the bytes, not the source

Lobsters Hottest · 2d ago

Collider 1.3.0 adds path traversal protection for repository index entries and strips bearer tokens from requests that follow cross-origin redirects, so a credential issued for one host is not forwarded to whichever host the redirect names.
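
The two controls named in this summary, as an added example that is not Collider's own code: a from-scratch model of dropping credentials on cross-origin redirects and of keeping repository index entries inside their root directory. The function names, the header set treated as credentials and the sample paths are assumptions.

```python
"""Two controls of the kind the Collider 1.3.0 summary describes.

Added example, not Collider's own code: a from-scratch model of
(1) dropping credentials on cross-origin redirects and
(2) keeping repository index entries inside their root directory.
Function names, header set and sample paths are assumptions.
"""
from pathlib import Path, PurePosixPath
from urllib.parse import urljoin, urlsplit

# Assumption: "bearer tokens" travel in these request headers.
CREDENTIAL_HEADERS = frozenset({"authorization", "proxy-authorization"})


def origin(url: str) -> tuple:
    """(scheme, host, port) for a URL; a redirect that changes any of the
    three is cross-origin. Default ports are filled in so that
    https://a/ and https://a:443/ compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"http": 80, "https": 443}.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def headers_for_redirect(from_url: str, location: str, headers: dict) -> dict:
    """Headers to send when following a Location header from `from_url`.

    Relative Locations are resolved first, so "/other" on the same host keeps
    its credentials; anything that lands on another origin loses them.
    """
    target = urljoin(from_url, location)
    if origin(from_url) == origin(target):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}


def resolve_index_entry(index_root: str, entry_path: str) -> Path:
    """Map an untrusted path from a repository index onto a file under
    `index_root`. Rejects absolute paths, '..' segments and, via resolve(),
    symlinks that would point outside the root."""
    root = Path(index_root).resolve()
    rel = PurePosixPath(entry_path)
    if rel.is_absolute() or not rel.parts or ".." in rel.parts:
        raise ValueError(f"rejected index entry: {entry_path!r}")
    target = root.joinpath(*rel.parts).resolve()
    # The containment check is the real guard: it also catches separators the
    # PurePosixPath split did not understand on the host platform.
    if target != root and root not in target.parents:
        raise ValueError(f"index entry escapes root: {entry_path!r}")
    return target


def index_entry_is_safe(index_root: str, entry_path: str) -> bool:
    """Boolean wrapper around resolve_index_entry for callers that only filter."""
    try:
        resolve_index_entry(index_root, entry_path)
    except ValueError:
        return False
    return True
```

`headers_for_redirect` compares full origins rather than hostnames on purpose: an https-to-http redirect on the same host still moves the token onto a channel where it can be read in transit.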

@omarsar0: Cross Repo Review maps how your repos depend on each other. Then on every PR, it reads the related repos and surfaces d…

X AI KOLs Following · 2026-06-23

Cross Repo Review maps the dependencies between your repositories, covering code, service, data and pipeline dependencies, and on every PR surfaces the downstream impact, breaking changes and blast radius.
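
What "blast radius" means over such a graph, as an added example that is not Cross Repo Review's code: a constructed cross-repo dependency graph and the generic algorithm (transitive reverse-dependency closure) for finding everything a change can reach. Repo names and dependency kinds are made up for the illustration.

```python
"""Blast radius of a change, computed over a cross-repo dependency graph.

Added example, not Cross Repo Review's code: the graph is constructed and
the algorithm (transitive reverse-dependency closure) is a generic one.
"""
from collections import deque

# Constructed graph: repo -> {repo it depends on: kind of dependency}.
# The kinds mirror what the tool is described as tracking.
DEPENDS_ON = {
    "auth-lib": {},
    "ledger-db": {},
    "billing-svc": {"auth-lib": "code", "ledger-db": "data"},
    "api-gateway": {"billing-svc": "service", "auth-lib": "code"},
    "nightly-etl": {"ledger-db": "data", "api-gateway": "pipeline"},
    "admin-ui": {"api-gateway": "service"},
}


def reverse_graph(depends_on: dict) -> dict:
    """repo -> {dependant: kind}: the direction in which a change propagates."""
    rev = {repo: {} for repo in depends_on}
    for repo, deps in depends_on.items():
        for dep, kind in deps.items():
            rev.setdefault(dep, {})[repo] = kind
    return rev


def blast_radius(depends_on: dict, changed: str) -> dict:
    """Every repo that transitively depends on `changed`, mapped to its
    shortest hop distance. Breadth-first with a visited set, so a cycle in
    the graph (service A calls B, B's pipeline reads from A) cannot loop."""
    rev = reverse_graph(depends_on)
    dist = {changed: 0}
    queue = deque([changed])
    while queue:
        cur = queue.popleft()
        for dependant in rev.get(cur, {}):
            if dependant not in dist:
                dist[dependant] = dist[cur] + 1
                queue.append(dependant)
    del dist[changed]  # the changed repo is the origin, not part of the radius
    return dist


def direct_dependants(depends_on: dict, changed: str) -> dict:
    """One-hop view: who consumes `changed` directly, and through what kind of edge."""
    return reverse_graph(depends_on).get(changed, {})
```

Distance matters for triage: a one-hop `code` dependant fails at build time, while a three-hop `pipeline` dependant may only fail on the next scheduled run, long after the PR merged.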

@googledevs: New CI pipeline challenge: the dependency changed, the build got faster, and production broke. What went wrong?

X AI KOLs Following · 2026-06-22

Google Devs presents a CI pipeline debugging puzzle: a dependency change made the build faster but broke production.

Package Managers need global hooks

Hacker News Top · 2026-06-18

A blog post arguing that package managers should support global hooks, as a more secure and more flexible alternative to the controls in use today, such as registries and shell wrappers around the package manager.

@charliermarsh: ty-pre-commit is out now! Pre-commit hooks for type checkers typically require you to either enumerate your dependencie…

X AI KOLs Following · 2026-06-11

ty-pre-commit supplies pre-commit hooks for type checkers that install the project's dependencies automatically with uv, rather than requiring them to be enumerated in the hook configuration.

Cooldown Support for Ruby Bundler

Hacker News Top · 2026-06-03

Bundler 4.0.13 introduces a cooldown: gem versions published less than N days ago are excluded from dependency resolution, so a malicious or compromised release has a window in which it can be noticed and yanked before anyone installs it. The feature is opt-in and can be configured per source, as a Bundler setting, or with a command-line flag. The same delay applies to legitimate security fixes, so a cooldown is a trade-off rather than a free win.

Ohbin – uv wrapper for installing tools from GitHub

Hacker News Top · 2026-06-02

Ohbin is a Python tool that wraps uv to install GitHub release binaries directly into a project, so no hand-rolled wrapper package is needed. Binaries are declared in pyproject.toml; Ohbin handles the download, SHA256 verification of what it fetched, caching, and execution.

I made rust's cargo copy but for CPP

Hacker News Top · 2026-05-10

CRow is a new open-source build system and dependency manager for C/C++, modelled on the simplicity of Rust's Cargo.

Switching from uv to PDM

Lobsters Hottest · 2026-04-21

A developer describes moving Python projects from uv to PDM, citing PDM's pure-Python codebase, the relative-time dependency cooldown added in the 2.26.8 release (the same minimum-age idea as Bundler's), and its project-management features.
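
The cooldown rule that both the Bundler card and this PDM card describe, as an added example that is not Bundler's or PDM's code: a from-scratch model of excluding releases younger than a minimum age from resolution, including the two edge cases a practitioner hits first (a version already in the lockfile, and a cooldown that leaves nothing to install). The package name, release history and clock are constructed.

```python
"""A minimum-age ("cooldown") rule for dependency resolution.

Added example, not Bundler's or PDM's code: a from-scratch model of the
rule both tools are described as adding. The release history, the clock
and the function names are constructed for the illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Release:
    version: tuple       # e.g. (1, 4, 1); tuples compare in version order
    published: datetime  # timezone-aware publish time as reported by the registry


def utc(*ymd_hm) -> datetime:
    return datetime(*ymd_hm, tzinfo=timezone.utc)


def days(n: int) -> timedelta:
    return timedelta(days=n)


# Constructed release history for a hypothetical package "widget".
WIDGET_RELEASES = [
    Release((1, 4, 0), utc(2026, 4, 1)),
    Release((1, 4, 1), utc(2026, 5, 10)),
    Release((1, 5, 0), utc(2026, 6, 2, 9, 30)),  # published this morning
]


def eligible(releases, now: datetime, cooldown: timedelta, locked=None) -> list:
    """Releases old enough to install.

    A release younger than `cooldown` is skipped: if it was pushed by an
    attacker, the delay gives the ecosystem time to notice and yank it.
    A version already recorded in the lockfile stays eligible however young,
    so turning the rule on does not break an existing, already-reviewed install.
    The timestamp comes from the registry; a compromised registry can lie.
    """
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware to compare with publish times")
    cutoff = now - cooldown
    return [r for r in releases if r.published <= cutoff or r.version == locked]


def resolve(releases, now: datetime, cooldown: timedelta, locked=None):
    """Highest eligible Release, or None when the cooldown leaves nothing.

    Returning None instead of silently falling back to a too-new release is
    the point: the caller must decide (wait, shorten the cooldown explicitly,
    or pin) rather than have the tool quietly bypass the rule."""
    candidates = eligible(releases, now, cooldown, locked)
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.version)


def version_str(release: Release) -> str:
    return ".".join(map(str, release.version))
```

With a 7-day cooldown on 2026-06-03 the resolver picks 1.4.1 and ignores the day-old 1.5.0; with 1.5.0 already locked it keeps it; with a cooldown longer than the package's history it returns None rather than guessing.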

Defense in Depth: A Practical Guide to Python Supply Chain Security

Lobsters Hottest · 2026-04-19

A practical guide to securing the Python supply chain with layered defenses: linting with Ruff, pinning dependencies with hashes, vulnerability scanning with pip-audit, SBOM generation, and publishing with Trusted Publishing (OIDC) plus attestations.
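
The hash check that this guide's "pinning with hashes" and the Ohbin card's "SHA256 verification" both rely on, as an added example that is not Ohbin's, pip's or the guide's code: it parses the `name==version --hash=alg:hex` form used for hash-pinned requirements and verifies downloaded bytes against it before anything is unpacked or executed. The sample requirement line and the artifact bytes (`b"abc"`, whose SHA-256 is well known) are constructed.

```python
"""Checking downloaded bytes against pinned digests.

Added example, not Ohbin's, pip's or the guide's code: parses the
`name==version --hash=alg:hex` form used for hash-pinned requirements and
verifies an artifact against it. Sample line and artifact are constructed;
the pinned digest is sha256(b"abc").
"""
import hashlib
import hmac
import re

ALLOWED_ALGORITHMS = {"sha256", "sha384", "sha512"}  # refuse md5/sha1 pins
_PIN_RE = re.compile(r"--hash=(?P<alg>[A-Za-z0-9]+):(?P<hex>[0-9a-fA-F]+)")
_SPEC_RE = re.compile(r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>\S+)")


def parse_pinned_requirement(line: str) -> tuple:
    """Return (name, version, {alg: {hexdigest, ...}}).

    Backslash continuations are folded so multi-line pins parse. A line with
    no --hash is rejected: under --require-hashes semantics one unpinned
    requirement re-opens the whole install to substitution.
    """
    flat = line.replace("\\\n", " ").replace("\\", " ")
    spec = _SPEC_RE.match(flat)
    if not spec:
        raise ValueError(f"not an exact '==' pin: {line!r}")
    pins = {}
    for h in _PIN_RE.finditer(flat):
        alg = h["alg"].lower()
        if alg not in ALLOWED_ALGORITHMS:
            raise ValueError(f"unsupported hash algorithm {alg!r}")
        pins.setdefault(alg, set()).add(h["hex"].lower())
    if not pins:
        raise ValueError(f"requirement has no --hash pin: {line!r}")
    return spec["name"], spec["version"], pins


def digest_hex(data: bytes, alg: str = "sha256") -> str:
    return hashlib.new(alg, data).hexdigest()


def verify_artifact(data: bytes, pins: dict) -> bool:
    """True if the bytes match any pinned digest.

    Several pins per requirement are normal (one per wheel/sdist file), so
    any match passes. compare_digest avoids a timing side channel on the
    comparison. A match proves these are the reviewed bytes; it says nothing
    about who built them, which is what attestations are for.
    """
    for alg, expected in pins.items():
        actual = digest_hex(data, alg)
        if any(hmac.compare_digest(actual, e) for e in expected):
            return True
    return False


# Constructed inputs: a two-line pinned requirement and the "artifact" b"abc".
SAMPLE_REQUIREMENT = (
    "widget==1.4.1 \\\n"
    "    --hash=sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
)
SAMPLE_ARTIFACT = b"abc"
```

Call `parse_pinned_requirement(SAMPLE_REQUIREMENT)` and pass the resulting pins with the fetched bytes to `verify_artifact`; anything that fails the check must be discarded before it is cached, unpacked or run, since caching an unverified download just moves the problem to the next install.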
