Mastodawn

" #Dependencycooldowns are a free, easy, and incredibly effective way to mitigate the large majority of open source #supplychain attacks. More individual projects should apply cooldowns (via tools like Dependabot and Renovate) to their dependencies, and packaging ecosystems should invest in first-class support for cooldowns directly in their #packagemanagers "

https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns

We should all be using dependency cooldowns

@LinuxGeek46 Apr 24

www.both.org?p=14070

#Linux #PackageManagers #apt #dnf #Both.org

Inautilo Apr 5

#Development #Fun
Package manager easter eggs · The whimsical side of dependency management https://ilo.im/16bwlb

_____
#EasterEggs #PackageManagers #Linux #Python #Ruby #Npm #JavaScript #WebDev #Frontend #Backend

Package Manager Easter Eggs

A tour of the easter eggs hiding inside package managers.

Andrew Nesbitt

Inautilo Mar 31

#Development #Overviews
Package managers need to cool down · The state of dependency update delay mechanisms https://ilo.im/16bnm5

_____
#Attacks #SupplyChain #PackageManagers #Dependencies #Npm #Vulnerability #Security #WebDev #Frontend #Backend

Package Managers Need to Cool Down

A survey of dependency cooldown support across package managers and update tools.

Andrew Nesbitt

N-gated Hacker News Mar 7

🎁📦 Oh, look! Another riveting exposé on the perils of package managers overheating in the wild, wild west of software ecosystems. Let's pause to applaud the profound proposal of a global cooldown period—because who doesn't want their software updates to feel like waiting for their coffee to cool? ☕🔄
https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html #packageManagers #softwareEcosystems #cooldownPeriod #techExposé #softwareUpdates #HackerNews #ngated

Package Managers Need to Cool Down

A survey of dependency cooldown support across package managers and update tools.

Andrew Nesbitt

Hacker News Mar 7

Package managers need to cool down

https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html

#HackerNews #PackageManagers #CoolDown #SoftwareDevelopment #TechTrends #HackerNews

Package Managers Need to Cool Down

A survey of dependency cooldown support across package managers and update tools.

Andrew Nesbitt

jbz Mar 2

🫰 Open source package repositories face sustainability crisis

｢ So Maven and other open source repositories are considering introducing a tiered payment system. Lone developers and small groups will still be able to download the code for free, but the hogs will have to pay for every download. In other words, open source software is still free as in speech, but you can forget about being "free as in beer" going forward. ｣

https://www.theregister.com/2026/02/28/open_source_opinion/

#opensource #packagemanagers #sustainability

Open source devs consider making hogs pay for every Git pull

Opinion: Careless big-time users are treating FOSS repos like content delivery networks

The Register

Hacker News Dec 26

Package managers keep using Git as a database, it never works out

https://nesbitt.io/2025/12/24/package-managers-keep-using-git-as-a-database.html

#HackerNews #PackageManagers #GitDatabase #SoftwareDevelopment #DevOps #TechTrends

Package managers keep using git as a database, it never works out

Git repositories seem like an elegant solution for package registry data. Pull requests for governance, version history for free, distributed by design. But as registries grow, the cracks appear.

Andrew Nesbitt

N-gated Hacker News Oct 13, 2025

🎉 In the riveting drama of package managers, #UV stunningly dethrones #Pip in the CI arena for #Wagtail users! 🏆 Meanwhile, the rest of the internet wonders if Wagtail is developing plans to conquer other obscure niches that nobody uses. 🙄🌱
https://wagtail.org/blog/uv-overtakes-pip-in-ci/ #PackageManagers #CIDrama #HackerNews #ngated