Latest posts tagged with #DependencyManagement on Bluesky
I just published Flutter Build Systems and Dependency Management: Technical Interview Guide medium.com/p/flutter-bu...
#Flutter #FlutterDevelopment #FlutterInterview #BuildSystems #DependencyManagement #Pubspec #GradleBuild #FlutterFlavors #CodeGeneration #BuildRunner #MobileDevelopment
I just published Android Native Build Systems and Dependency Management: Interview Questions That Will Test Your… medium.com/p/android-na...
#Android #AndroidDevelopment #Gradle #Kotlin #AndroidInterview #TechInterview #MobileDevelopment #DependencyManagement #AndroidStudio #KSP #KAPT
I just published iOS Native Build Systems and Dependency Management: Interview Questions That Will Test Your… medium.com/p/ios-native... #iOSDevelopment #Swift #Xcode #SwiftPackageManager #CocoaPods #iOSInterview #TechInterview #AppleDevelopment #MobileDevelopment #BuildSystems #DependencyManagement
I just published Build Systems and Dependency Management in Flutter: Interview Questions That Will Test Your… medium.com/p/build-syst...
#Flutter #FlutterInterview #DartProgramming #MobileDevelopment #BuildSystems #DependencyManagement #Gradle #CocoaPods #PubDev #FlutterDeveloper #TechInterview
Quote is "Always plan ahead. It wasn't raining when Noah built the ark." Richard Cushing. Card from PM. ProjectManager
Thought of the day: The thing that most people do not consider enough when planning and managing risk are the dependencies. Whether you are dependent on another project or they are dependent on you, knowing your dependencies is critical to success.
#dependencymanagement
On the #norsys blog, I've just posted an article which explains how building a local development environment for @dependencytrack.bsky.social with Docker Compose, code and examples included.
medium.com/norsys-octog...
#DependencyTrack #Trivy #Docker #DockerCompose #Security #DependencyManagement
🚀📝 DEV Track Spotlight: Compile blazing-fast MCP servers in Rust (DEV405)
#RustProgramming #MCPServers #DependencyManagement #AWSreInvent #CodeTalk
Commenters contrast `uv` with older tools like `venv`, `poetry`, and `pip`. `uv` excels in speed, ease of use, and seamless management of Python versions & virtual environments, simplifying complex setups previously. #DependencyManagement 3/6
Mitigating shared dependency issues in microservices requires discipline: robust versioning, ensuring backward compatibility, and planning for schema evolution. Without these, the benefits of independent services quickly erode. #DependencyManagement 3/6
The core debate: update dependencies immediately for CVEs, or delay to prevent supply chain attacks/new bugs? A balanced approach is key, prioritizing careful monitoring & risk assessment over blind adoption. #DependencyManagement 2/6
The discussion extends to broader dependency management. Relying on numerous, often unvetted, third-party packages significantly increases risk. Strategies like vendoring dependencies or reducing external package count can tighten security. #DependencyManagement 4/6
“Package Managers Are Evil”, Bill “GingerBill” Hall (www.gingerbill.org/article/2025...).
On HN: news.ycombinator.com/item?id=4516...
On Lobsters: lobste.rs/s/zvdtdn/pac...
#Programming #Packages #Dependencies #DependencyHell #PackageManagers #Rants #DependencyManagement
Today I used the phrase "transitive closure" in an engineering design document. I feel all grown up, like the first time I paid rent.
#softwareengineering #dependencymanagement
CRAN's "virtual monorepo" approach means *any* package update triggers tests for *all* its dependents. This robust system ensures high ecosystem stability by preventing breaking changes, but it's a heavy lift! #DependencyManagement 2/6
EU CRA: It's Later Than You Think, Time to Engineer Up! nxdomain.no/~peter/eu_cr... (or tracked bsdly.blogspot.com/2025/09/eu-c...) #developement #EUCRA #CRA #cyberresilienceact #sbom #softwarebillofmaterials #engineering #quality #freesoftware #libresoftware #dependencies #dependencymanagement
A better future for JavaScript that won't happen
drewdevault.com/2025/09/17/2...
#JavaScript #DependencyManagement #SoftwareEngineering #Security
JavaScript's culture of heavy dependency reuse presents a security trade-off. While convenient, excessive packages increase attack surfaces. A smaller, more curated dependency tree is often safer. #DependencyManagement 3/5
Dependency management was another hot topic. Rust's Cargo offers robust package handling, but Python's ecosystem, with tools like `uv`, is rapidly improving. The discussion centered on balancing ease of use with avoiding 'dependency clutter.' #DependencyManagement 5/6
A common, dangerous practice: blindly importing numerous open-source dependencies without proper understanding or security audits. This creates vast, hidden attack surfaces susceptible to exploitation. #DependencyManagement 5/6
Another defense against supply chain attacks is vendoring dependencies. This means copying them locally rather than relying on external registries, offering more control but potentially increasing maintenance overhead. #DependencyManagement 3/6
A key concern from the Nx discussion: excessive dependencies are a major supply chain vulnerability. Teams should audit dependencies, use tools like SBOMs, and consider vendoring critical libraries to reduce attack surface. #DependencyManagement 3/6
vcpkg’s ‘baseline’ system is designed for C++ complexity.
Instead of piecemeal updates, Dependabot advances the entire baseline to a newer version, avoiding ABI incompatibilities and version conflicts.
#DependencyManagement
Build a Go dependency scanner with the standard library: parse go.mod, query OSV for vulnerabilities, and analyze licenses. #dependencymanagement
🚀We've just released ReARM CE 25.08.23 and ReARM Pro 25.08.20 with an exciting new feature: Automatic alerts for dependency changes with a detailed SBOM-level changelog.
youtube.com/watch?v=RfKV...
#SBOM #DevSecOps #SupplyChainSecurity #SoftwareSecurity #DependencyManagement #ReARM
External libraries & dependencies are major culprits in software rot. Abandoned libraries or breaking updates to underlying systems can cripple code. The consensus: carefully select well-maintained libraries and minimize their number. #DependencyManagement 5/6
While `uv` excels, alternatives exist. For larger projects, `pip-tools` or `Poetry` offer more robust dependency locking. For cross-language needs, solutions like Nix or even Go's single-binary approach were discussed. #DependencyManagement 5/6
The Dependency Discovery Deck is an interactive tool designed specifically for developers and agile teams. #dependencymanagement
A major risk of auto-updating dependencies (like with Dependabot) is introducing hidden bugs, breaking changes, or even malicious code if not properly reviewed & tested. Don't blindly trust automation! Manual oversight is key. #DependencyManagement 2/6
