Not optional
Discusses the unsustainable expectation of long-term support for open source software and the necessity of regular updates.
The article critiques the web's dependency management, arguing it's broken and should be a native platform feature, not reliant on bundlers.
Clarifies that go.sum is a checksum cache, not a lockfile, and explains why go.mod is the true source for dependency versions in Go.
Introducing Poe the Poet, a tool for managing project tasks and commands via pyproject.toml, demonstrated with a Python documentation setup.
Explains dependency cooldowns, a strategy to reduce supply chain attack risk by delaying automatic dependency updates.
A developer shares technical optimizations for websites and Eleventy projects, covering performance profiling, dependency replacement, and bot settings.
Introduces the Geomys Standard of Care, a professional framework for secure and reliable open-source software maintenance.
A critique of JavaScript's dependency management after a major supply-chain attack, arguing for systemic change but predicting stagnation.
Qodo AI's new Package Health Reviewer uses Snyk Advisor to automate security and maintenance checks for open-source dependencies in CI/CD pipelines.
Explores how Bun's auto-install feature enables self-contained TypeScript programs, comparing it to Python's uv for dependency management.
Using uv run with Make to test Python code across multiple versions, replacing tools like Tox or Nox.
A guide to using git worktree with Python projects, including a helper script to automate virtual environment and dependency management.
A developer's critique of unnecessary breaking changes in software dependencies and their impact on project maintenance and developer experience.
Analyzes common tight coupling patterns in Node.js code, such as global variables and hardcoded dependencies, and their impact on maintainability.
A proposal for managing optional software dependencies using meta-packages, avoiding complexity in package managers.
A guide on using RenovateBot's custom managers with regex to update package versions in non-standard file locations like Dockerfiles and C# code.
A guide to understanding and using the Cargo.toml file, the central configuration file for managing Rust projects and dependencies with Cargo.
Fixing Xcode 16.1's Swift package fetch failure caused by a global Git configuration change.
Explains the Tip & Tail release model used by OpenJDK to manage Java library dependencies and releases, helping developers innovate faster.
A developer's critique of Dependabot's flaws under GitHub, including silent failures and slow updates, leading them to stop using it.