pnpm v11 Released

pnpm v11 has been released. Major changes include a Node.js 22+ requirement, supply-chain protection enabled by default, consolidation of build-related settings (allowBuilds), isolation of global installs, a SQLite-based store index, native publish command support, and a reduced role for .npmrc settings. The update focuses in particular on security hardening and performance optimization.

https://news.hada.io/topic?id=29097

#pnpm #nodejs #javascript #packagemanager #supplychainsecurity


Supply-chain protection enabled by default: to strengthen security, the default value of minimumReleaseAge is now 1440 (1 day). (Newly published packages can only be installed once 24 hours have passed.) blockExoticSubdeps also defaults to true now. Node.js 22+ required: Node.js 22 or later is now required…

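To show what a minimumReleaseAge gate does in practice, here is an added example (my own code, not pnpm's implementation): it filters a constructed registry packument by the per-version publish timestamps in its `time` map (assumed to be the data such a check consults) and resolves the newest version that is at least 1440 minutes old, falling back past a too-fresh `latest` tag.

```python
from datetime import datetime, timedelta, timezone

# Constructed packument excerpt (not a real package). npm-style packuments
# carry a `time` map with an ISO-8601 publish timestamp per version.
SAMPLE_PACKUMENT = {
    "name": "example-pkg",
    "dist-tags": {"latest": "2.0.0"},
    "time": {
        "created": "2024-01-01T00:00:00.000Z",
        "modified": "2024-01-15T09:30:00.000Z",
        "1.0.0": "2024-01-01T00:00:00.000Z",
        "1.1.0": "2024-01-10T12:00:00.000Z",
        "2.0.0": "2024-01-15T09:30:00.000Z",
    },
}

DEFAULT_MINIMUM_RELEASE_AGE_MINUTES = 1440  # the pnpm v11 default: one day


def _parse_iso(ts: str) -> datetime:
    # Python < 3.11 does not accept a trailing "Z", so normalise it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def installable_versions(packument: dict, now: datetime,
                         minimum_release_age_minutes: int = DEFAULT_MINIMUM_RELEASE_AGE_MINUTES):
    """Split versions into (old enough to install, still held back)."""
    cutoff = now - timedelta(minutes=minimum_release_age_minutes)
    allowed, held = [], []
    for version, published in packument["time"].items():
        if version in ("created", "modified"):  # metadata keys, not versions
            continue
        (allowed if _parse_iso(published) <= cutoff else held).append(version)
    return allowed, held


def resolve_latest(packument: dict, now: datetime,
                   minimum_release_age_minutes: int = DEFAULT_MINIMUM_RELEASE_AGE_MINUTES):
    """Newest installable version by publish time, or None if everything is too fresh."""
    allowed, _ = installable_versions(packument, now, minimum_release_age_minutes)
    if not allowed:
        return None
    return max(allowed, key=lambda v: _parse_iso(packument["time"][v]))


if __name__ == "__main__":
    now = datetime(2024, 1, 15, 18, 0, tzinfo=timezone.utc)  # constructed "current time"
    print(installable_versions(SAMPLE_PACKUMENT, now))  # (['1.0.0', '1.1.0'], ['2.0.0'])
    print(resolve_latest(SAMPLE_PACKUMENT, now))        # 1.1.0, not the 8-hour-old 2.0.0
```

Versions are ordered by publish time rather than by semver here, which is enough to show the gate but not a full resolver.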

Dear people at @packagist:

Add multi-auth bearer for packages under the same domain for #ComposerPHP.

Thank you.

#Programming #PHP #FOSS #OSS #OpenSource #Coding #Code #SoftwareDevelopment #PackageManager #WebDevelopment #WebDev

PyPI Package elementary-data Compromised to Steal Developer Data

A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely-used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.

https://osintsights.com/pypi-package-elementary-data-compromised-to-steal-developer-data?utm_source=mastodon&utm_medium=social

#OpensourceCompromise #SupplyChain #PackageManager #Pypi #DataObservability


Hey y'all

The #XeroLinux Package Manager is ready for testing. I removed the hard dependency on our Distro, making it work on any Arch-based Distro (with limitations).

Feel free to test and report any issues via Github. Will try my best.

https://github.com/xerolinux/xPackageManager

#FOSS #Linux #OpenSource #ArchLinux #PackageManager

PHP Composer Flaws Expose Code Execution Risk, Prompting Patches

Critical flaws in PHP Composer, a popular package manager, leave countless websites vulnerable to code execution attacks - but fortunately, patches have been released to swiftly mitigate this risk. If exploited, these high-severity vulnerabilities could allow hackers to execute arbitrary commands, putting entire…

https://osintsights.com/php-composer-flaws-expose-code-execution-risk-prompting-patches?utm_source=mastodon&utm_medium=social

#PhpComposer #CodeExecution #PackageManager #CommandInjection #VulnerabilityManagement


Made a skill for this! ❤️ Hope it helps!

https://github.com/MrWillCom/ni-skill

@antfu

#ni #packagemanager #ai #skills


AI coding agents often use the wrong package manager, and it is annoying to explicitly mention this problem in every project.

ni sounds like a one-size-fits-all solution that perfectly fits my need.

https://github.com/antfu-collective/ni

#ni #packagemanager #nodejs #ai


Okay okay. That's that. I'm converted. It's uv all the way.

Not just because of the speed though. It uses the best ideas of poetry and Pipenv, both of which I've used and the latter I've depended on for the past 4-ish years.

#python #python-uv #PackageManager