npm Targeted by Malware Campaign Mimicking Familiar Library Names, by @SocketSecurity:
https://socket.dev/blog/npm-targeted-by-malware-campaign-mimicking-familiar-library-names

Rust's dependency problem is real. 1,000 lines of your code can pull in 3.6 million lines of dependencies. How can we audit that?
#Rust #Security #Dependencies https://vincents.dev/blog/rust-dependencies-scare-me/?
Rust’s dependencies are starting to worry me
npm Should Remove the Default License From New Packages (ISC), by @extremq.com:
https://extremq.com/npm-should-remove-the-default-license-from-new-packages-isc/
@unix_discussions Why did they compare the size of the executable file with the size of the #flatpak package? Shouldn't we at least try to include all the #dependencies a standard #linux #package requires, or at least compare #staticlinking with their flatpak counterparts, to get a rough estimate of the flatpak metadata size overhead and of the dependency duplication from the runtime, and separately of whatever was put alongside the containerized application? Also, it would be cool to compare it across many #linuxdistribution in case there are some that, due to #dynamiclinking, have to bundle multiple versions of a given library.
Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site, by @j9t [@frontenddogma]:
We’ve created a practical terminology guide to help teams align — covering #milestones, #dependencies, #relations, #wikis, and more.
It’s a great resource for onboarding or brushing up.
See
Interesting analysis "Multiple countries in Europe are critically dependent on services provided by Microsoft. Querying mail-servers teaches that in some countries, over 70% of all public services rely on this American provider."
https://jurgen.gaeremyn.be/2025/03/08/european-critical-dependencies/
#Microsoft #bigtech #EU #municipalities #mail #ICT #IT #government #dependencies #digitalsovereignty
LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything, by @thomasclaburn (@theregister):
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
AI can't stop making up software dependencies and sabotaging everything
Breaking Down Circular Dependencies in JavaScript, by (unattributable):
https://www.bryanbraun.com/2025/03/29/breaking-down-circular-dependencies-javascript/
Malware Found on npm Infecting Local Package With Reverse Shell, by @reversinglabs.com:
https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
#Python: Malicious #PyPI Packages Stole #Cloud #Tokens—Over 14,100 Downloads Before Removal
https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html
Lazarus Strikes npm Again With New Wave of Malicious Packages, by @SocketSecurity:
https://socket.dev/blog/lazarus-strikes-npm-again-with-a-new-wave-of-malicious-packages
No Project Is an Island: Why You Need SBOMs and Dependency Management https://nxdomain.no/~peter/no_project_is_an_island.html #sbom #development #dependencies #security #cves The system you develop and maintain does not exist in isolation. Providing SBOMs for our work is our way to show we care.
#Development #Launches
Node Modules Inspector · Visualize node_modules and inspect dependencies https://ilo.im/162mfz
_____
#Inspector #NodeJS #NodeModules #Dependencies #JavaScript #Npm #OpenSource #WebDev #Backend
#Firefox - time to say goodbye, at least for now...
I've been using Firefox for years now, ignoring the fact that it's objectively the worst performing #browser out there, with lacking #compatibility, outdated #dependencies, and multiple unresolved #bugs. All of that was irrelevant; I wanted to support your goal of making the #Internet more #privacy respecting, a safe space.
Sadly, it looks like it ends now. The biggest (and only) advantage goes away, and so do I. But I hope I can go back some day...
Could uv be the holy grail of #python project management? It would be good news. I nowadays don't create or hack on python projects often, but when I do I always wonder what to use and need to learn a new tool: pip-tools, pip, virtualenv, venv, pipenv... all those tools had problems you needed to handle.
I hope it will not again be the 15th tool (mandatory xkcd reference, slightly out of context https://xkcd.com/927/)
#dev #dependencies #tools #previousretoot
Very cool:
If you're using #vscode and you program in @ruby,
keep in mind that #crystalshard checks only work on #github repos for now though!
https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami