📦 Package Managers - matmat · Scour

Why and how does pacman install an outdated package? ❄️Nixpkgs

archlinux.org·1d·r/archlinux

NPM Slop and Wonky Software Supply Chains 🔗Topological Sorting

simonramstedt.com·15h·Hacker News, r/programming

Original Sin of npm: A Study on Vulnerability Propagation in JavaScript Dependency Networks 🔗Topological Sorting

93 Minutes on npm: Inside the Bitwarden CLI Supply Chain Attack 🔗Supply Chain

·19h

lirantal/pypi-security-best-practices: Collection of PyPI registry package manager Security Best Practices featuring uv and pip ❄️Nixpkgs

github.com·2d·Hacker News

Package Cooldown with SBOMs ❄️Nixpkgs

interlynk.io·5d·Hacker News

Your Java Runtime Has a Security Update. Did You Apply It? 🛡️eBPF Security

Malicious pgserve, automagik developer tools found in npm registry 📦Container Security

infoworld.com·2d

pnpm 11 Release Candidate: ESM Distribution, Supply Chain Defaults and a New Store Format 🔗Topological Sorting

Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths ❄️Nix Flakes

malware.news·2d

Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware 📦Container Security

Bitwarden CLI npm package compromised to steal developer credentials ❄️Nixpkgs

bleepingcomputer.com·2d

AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change with it 🔗Supply Chain

Treat open source software as critical infrastructure 🔓Open Source Software

·5d

A free solution to the GitHub Actions supply chain crisis 🌳Git Internals

developerwithacat.com·1d·Hacker News

Kubernetes v1.36 Promotes Stability, Compatibility & Reproducibility 📦Container Security

cloudnativenow.com·3d

Release Release Candidate v1.6.3-rc.43 🔗Topological Sorting

Adding Compilation Metadata To Binaries To Make Disassembly Decidable 🔓Decompilation

arxiv.org·3d·Hacker News

slint-ui/slint v1.16.1 🔗Static Linking

Release Release Candidate v1.6.3-rc.39 🔗Topological Sorting

Log in to enable infinite scrolling