Tag: idea
Separating Download from Install in Docker Builds
Most package managers could separate download from install for better Docker layer caching.
Respectful Open Source
Maintainer attention as a finite resource.
Zig and the M×N Supply Chain Problem
Zig's long road to supply chain security.
The Dependency Layer in Digital Sovereignty
Where package management fits in the digital sovereignty discussion.
PkgFed: ActivityPub for Package Releases
Follow serde@crates.io from your Mastodon account
Package Management is a Wicked Problem
Why fixing package managers is harder than it looks.
A Protocol for Package Management
A shared vocabulary for resolution, publishing, and governance across ecosystems.
importmap.lock: a lockfile for the web
Extending import maps with package metadata to improve dependency management and security for browser-native JavaScript.
A Jepsen Test for Package Managers
Applying Jepsen-style adversarial testing to package managers.
Cursed Bundler: Using go get to install Ruby Gems
Go's module system accidentally created a universal, content-addressed, transparency-logged package CDN. You could abuse this for any language.
Could lockfiles just be SBOMs?
Lockfiles and SBOMs record the same information in different formats. What if package managers used SBOMs directly, instead of converting later?