Lazarus Strikes npm Again With New Wave of Malicious Packages, by @SocketSecurity:
https://socket.dev/blog/lazarus-strikes-npm-again-with-a-new-wave-of-malicious-packages

No Project Is an Island: Why You Need SBOMs and Dependency Management https://nxdomain.no/~peter/no_project_is_an_island.html #sbom #development #dependencies #security #cves The system you develop and maintain does not exist in isolation. Providing SBOMs for our work is our way to show we care.
#Development #Launches
Node Modules Inspector · Visualize node_modules and inspect dependencies https://ilo.im/162mfz
_____
#Inspector #NodeJS #NodeModules #Dependencies #JavaScript #Npm #OpenSource #WebDev #Backend
Could uv be the holy grail of #python project management? It would be good news, I nowadays don't create or hack python projects often but when I do I always wonder what to use and need to learn a new tool, pip-tools, pip, virtualenv, venv, pipenv... all those tools had problems you needed to handle.
I hope it will not again be the 15th tool (mandatory xkcd reference, slightly out of context https://xkcd.com/927/)
#dev #dependencies #tools #previousretoot
Oh great, another "revolutionary" tool for #Pythonistas who can't read their own spaghetti code! Let's cheer for Tach, the pip-installable savior that promises to untangle your disastrous #Dependencies while being "interoperable" and written in #Rust, because clearly Python wasn't enough.
Maybe next, they'll develop a tool to help you find your misplaced sense of #Irony.
https://github.com/gauge-sh/tach #Tools #Interoperability #SpaghettiCode #HackerNews #ngated
Very cool:
if you're using #vscode and you program in @ruby,
@CrystalLanguage or
@Python, then you might want to use @ninoseki's #vscode_extension Mogami, which shows the latest dependencies in #Gemfile, #shards and #requirements_txt.
Keep in mind that #crystalshard checks are only working on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami
This is not a black swan: a US Big Tech company locks out a web dev without notice. Reduce IT dependencies!
Build It Yourself
http://lucumr.pocoo.org/2025/1/24/build-it-yourself
#Programming tips and encouragement to write more code yourself instead of introducing #dependencies.
With this Rust tool you can patch your dependencies easily!
cargo-override: The quickest way to override dependencies with Cargo
Infers a number of things you would otherwise need to check manually
He should have stayed at home with a water hose that had no water pressure.
He could have moved the cars out and kept them cool for a few minutes.
I'm learning just a tad-bit about #AMD ( #asynchronous #module #dependencies ) and #RequireJS. I've always been too retarded to do anything with #Webpack, because it needs to be running server-side as well as clientside in the browser (I think). Dependencies bundled together in real time, at the server side, plus whatever minifier and obfuscation they decide to add.
With RequireJS, it just needs to find static JS files in the URL folder structure it expects. So you can use really any webserver.
@lianna Well, i know nothing specific to your distro, but fwiw, at least wrt #ArchLinux, the Wiki shows the dependencies:
Not a problem specific to #Rust, but language-specific package-managers:
“Debian’s Approach To Rust Dependency Handling” [2022], Ian Jackson (https://diziet.dreamwidth.org/10559.html).
Via Lobsters: https://lobste.rs/s/hrkb76/debian_s_approach_rust_dependency
#Development #Approaches
JavaScript Import Maps · A powerful way to handle JS dependencies in the browser https://ilo.im/161i1s
_____
#JavaScript #ImportMap #Dependencies #Browser #VsCode #WebDev #Frontend
“Python Dependency Management Is A Dumpster Fire”, Niels Cautaerts (https://nielscautaerts.xyz/python-dependency-management-is-a-dumpster-fire.html).
Via HN: https://news.ycombinator.com/item?id=42419822
On Lobsters: https://lobste.rs/s/dqyhrd/python_dependency_management_is
On /r/Python: https://old.reddit.com/r/Python/comments/1gphzn2/a_completeish_guide_to_dependency_management_in/
Attached is yet another article that tries to clarify the options for python package management. The problem is that this space is dynamic and overpopulated, so any article quickly becomes out of date. https://salas.com/2024/11/15/niels-cautaerts---python/#python #python-package #explainer #dependencies #package #pyenv #uv
Do you want to install something, but forgot if it's 'install', '--install', '-S', 'add' or 'update'?
Packager is a small script that detects which package managers you have, and rewrites your command.
https://opensavvy.gitlab.io/system/packager/docs/
Supported:
• #apt, #aptitude — #debian
• #npm, #yarn — #js
• #pacman, #yay — #archlinux
• #pip — #python
• #raco — #racket
• #sdkman — #java