snabelen.no

0 innlegg0 deltakere0 innlegg i dag

Karl Voit :emacs: :orgmode:<a href="https://graz.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a>: Malicious <a href="https://graz.social/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PyPI</a> Packages Stole <a href="https://graz.social/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://graz.social/tags/Tokens" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tokens</a>—Over 14,100 Downloads Before Removal <a href="https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html</a><a href="https://graz.social/tags/complexity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#complexity</a> <a href="https://graz.social/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dependencies</a> <a href="https://graz.social/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#programming</a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

Peter N. M. HansteenNo Project Is an Island: Why You Need SBOMs and Dependency Management <a href="https://nxdomain.no/~peter/no_project_is_an_island.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://nxdomain.no/~peter/no_project_is_an_island.html</a> <a href="https://mastodon.social/tags/sbom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sbom</a> <a href="https://mastodon.social/tags/development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#development</a> <a href="https://mastodon.social/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dependencies</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/cves" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cves</a> The system you develop and maintain does not exist in isolation. Providing SBOMs for our work is our way to show we care.

alexanderadamVery cool:if you're using <a href="https://ruby.social/tags/vscode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vscode</a> and you program in :ruby: <a href="https://ruby.social/@ruby" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ruby</a>, 💎 <a href="https://fosstodon.org/@CrystalLanguage" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@CrystalLanguage</a> or 🐍 <a href="https://techhub.social/@Python" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Python</a>, then you might want to use <a href="https://ruby.social/@ninoseki" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ninoseki</a>'s <a href="https://ruby.social/tags/vscode_extension" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vscode_extension</a> Mogami, which shows the latest dependencies in <a href="https://ruby.social/tags/Gemfile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gemfile</a>, <a href="https://ruby.social/tags/shards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shards</a> and <a href="https://ruby.social/tags/requirements_txt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#requirements_txt</a>.Keep in mind that <a href="https://ruby.social/tags/crystalshard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#crystalshard</a> checks are only working on <a href="https://ruby.social/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#github</a> repos for now though!<a href="https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ninoseki/vscode-mogami?tab=readme-ov-file#vscode-mogami</a><a href="https://ruby.social/tags/ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ruby</a> <a href="https://ruby.social/tags/rubylang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubylang</a> <a href="https://ruby.social/tags/CrystalLang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CrystalLang</a> <a href="https://ruby.social/tags/crystal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#crystal</a> <a href="https://ruby.social/tags/CrystalLanguage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CrystalLanguage</a> <a href="https://ruby.social/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#python</a> <a href="https://ruby.social/tags/code" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#code</a> <a href="https://ruby.social/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dependencies</a> <a href="https://ruby.social/tags/rubyprogramming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rubyprogramming</a>

Daniel<a href="https://social.hnnng.space/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#software</a> <a href="https://social.hnnng.space/tags/development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#development</a> <a href="https://social.hnnng.space/tags/build" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#build</a> <a href="https://social.hnnng.space/tags/tooling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tooling</a> <a href="https://social.hnnng.space/tags/dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dependencies</a> <a href="https://simonwillison.net/2025/Feb/8/salvatore-sanfilippo/#atom-everything" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://simonwillison.net/2025/Feb/8/salvatore-sanfilippo/#atom-everything</a>

SpaceLifeForm<a href="https://infosec.exchange/@kevinrothrock" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@kevinrothrock</a> He should have stayed at home with a water hose that had no water pressure. He could have moved the cars out and kept them cool for a few minutes.<a href="https://infosec.exchange/tags/ClimateChange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ClimateChange</a> <a href="https://infosec.exchange/tags/Dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Dependencies</a> <a href="https://infosec.exchange/tags/SupplyChains" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChains</a>

ToastyHmm, two Python package dependencies which each export the same top-level module. The result: one just overwrites the other's files on installation! 🙃 Does anybody know a secret sauce solution to this that doesn't involve splitting up apps or forking a package repository? Preferably compatible with uv.<a href="https://dosgame.club/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://dosgame.club/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> <a href="https://dosgame.club/tags/Packaging" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Packaging</a> <a href="https://dosgame.club/tags/Dependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Dependencies</a>

Nylige søk

Alternativer for søk

Administrert av:

Serverstatistikk:

#dependencies