Developers shouldn't distribute their own software
Argues that software developers should rely on Linux distribution maintainers for packaging and distribution, rather than distributing binaries themselves.
Explains how to use Go's internal/ directory to create private packages, reducing a project's public API surface and improving design.
Essential npm security best practices to protect against malicious packages, including ignoring run-scripts and vetting third-party modules.
A developer shares essential productivity apps for managing tasks, time, disk space, and meetings to optimize a tech workflow.
npm registry hits 1 million packages. Analysis of top packages, vulnerabilities, and download statistics.
A step-by-step tutorial on how to publish your own open source npm package, covering setup, bundling with Babel, and the publishing process.
Analysis of a malicious backdoor discovered in the popular bootstrap-sass Ruby gem, its impact, and essential security best practices for developers.
Learn how to use npm outdated and npm doctor commands to assess your project's dependency health and environment setup.
Explains npm's evolving naming rules to combat typosquatting attacks, detailing case sensitivity and character restrictions for package names.
Explains security risks in the npm ecosystem, including malicious modules, typosquatting, and compromised contributors, with mitigation advice.
Explores three methods for packaging Roslyn analyzers specific to a NuGet package, discussing trade-offs in adoption, updates, and user control.
Fedora Scientific 28 Beta release announcement, noting some packages are now installable via dnf despite initial exclusions.
Analyzing CRAN packages to find non-English R packages, focusing on French documentation and encoding fields in DESCRIPTION files.
A guide to setting up a minimal Common Lisp project using ASDF and Quicklisp, including creating packages and systems.
Explains how to manage multiple Ruby versions on openSUSE using the 'orr' tool for easy installation and environment setup.
Argues for using your Linux distro's native package manager over language-specific tools like pip/npm for better system integration and deployment.
Analyzes the recent panic over npm security, arguing it's based on social engineering in PRs, not a flaw in npm itself.
A guide to installing the nightly build of Azure CLI 2.0 on Windows using PowerShell and Chocolatey for access to the latest Azure features.
An overview of the Pipfile format and pipenv tool for Python package management, including a link to a recorded presentation.
Announcement of R 3.4.1 release, detailing Windows-specific bug fixes and providing an upgrade guide for Windows users.