[Key Finding] Dependency Scanner 'stack-rot' Tackles Code Rot
Tired of inheriting codebases riddled with dead dependencies? stack-rot is a new tool designed to tell you which packages are truly dead, not just outdated or insecure.
A compromised npm package, a stolen maintainer key, and a three-hour window of vulnerability. The [email protected] incident wasn't just a bug; it was a stark reminder that your code's perimeter has expanded.
CMake, the build system tool everyone loves to complain about, is finally getting serious about package managers. Will this fix everything, or just make a mess?
Dependency management is a band-aid. Bloomberg's scaling a mentorship-based approach to open source that actually prevents maintainer burnout—starting with OpenTelemetry.