Dependency management articles

11/16/2021 • EN

Python: Please stop screwing over Linux distros

A critique of Python's chaotic packaging ecosystem and its negative impact on Linux distribution maintainers, calling for the PSF to address the issue.

dependency management linux package management packaging Python

Drew DeVault

8/6/2021 • EN

proxy.golang.org allows many Go packages to be silently broken

Critique of proxy.golang.org's permanent caching, which hides broken dependencies and creates hidden risks in the Go ecosystem.

dependency management Go Modules golang Goproxy Software Supply Chain

Drew DeVault

7/7/2021 • EN

Upgrading Node.js dependencies after a yarn audit

A guide on how to upgrade Node.js dependencies and fix vulnerabilities after running a yarn audit, including manual and automated methods.

dependency management Node.js security audit upgrade yarn

Stefan Baumgartner

4/7/2021 • EN

Pipenv - Yep, another post about Python Virtual Environments

A guide to using Pipenv for managing Python virtual environments, focusing on deterministic dependency resolution with Pipfile.lock.

dependency management Lock File pipenv Python Virtual Environment

Alex Merced

3/6/2021 • EN

if-else-switch

Analyzes the problems with if/else/switch statements in code and proposes a polymorphic factory object solution for better architecture.

code quality dependency management design patterns polymorphism refactoring

Robert C. Martin

3/2/2021 • EN

More on Python Virtual Environments

A guide to creating and managing Python virtual environments using the native venv module, with helpful bash functions.

Bash Scripting dependency management Python Venv Virtual Environments

Alex Merced

2/17/2021 • EN

Facade Pattern

Explains the Facade design pattern in JavaScript, focusing on managing dependencies and simplifying complex APIs for better code maintainability.

dependency management design patterns Facade Pattern JavaScript software architecture

Kyle Shevlin

11/17/2020 • EN

What happened at Bazelcon 2020

A summary of key talks from Bazelcon 2020, covering the state of Bazel, Twitter's migration, and Pinterest's CI tool.

Bazel build systems dependency management monorepo Remote Execution

Gaspare Vitta

10/17/2020 • EN

Why does package-lock.json exist, and how does it work?

Explains the purpose and mechanics of package-lock.json in Node.js projects, detailing how it ensures consistent dependency installations.

dependency management JavaScript node_modules npm Package Lockjson

Lucas F. Costa

9/2/2020 • EN

Solving conflicts in package-lock.json

A guide to properly resolving git merge conflicts in package-lock.json files without deleting them, ensuring dependency consistency across teams.

dependency management GIT Conflicts npm Package Lockjson Semver

TkDodo Dominik Dorfmeister

8/25/2020 • EN

Front-end Architecture: Stable and Volatile Dependencies

Explains how to categorize and manage stable vs. volatile dependencies in front-end architecture for better design.

dependency management Frontend Architecture React software design TypeScript

Dmitri Pavlutin

5/30/2020 • EN

package.json vs package-lock.json - Differences, Purposes, Relevance

Explains the differences and purposes of package.json and package-lock.json files in Node.js projects, focusing on dependency management.

dependency management JavaScript npm Package Lockjson package.json

Dillion Megida

5/2/2020 • EN

Clojure as a dependency

Exploring best practices for declaring Clojure as a dependency in libraries, including Leiningen and CLI tools approaches.

build tools Clojure dependency management Leiningen library development

Daniel Janus

3/26/2020 • EN

Minor versions, breaking changes

A developer's analysis of how a minor version update in a Composer dependency caused a breaking change in a Laravel project, highlighting versioning pitfalls.

Composer dependency management Laravel php semantic versioning

Brent