So you think you're just gonna `npm install`? Think again
Explains the risks of inconsistent package lockfiles in npm/Yarn and how to enforce strict dependency installation using `npm ci` or `--frozen-lockfile`.
A beginner's guide to using the command line and Composer for developers, especially those familiar with WordPress.
Analyzes security risks in npm package installation, highlighting the dangers of arbitrary code execution and advocating for cautious dependency management.
A DevOps-focused review of Python dependency management tools like pip-tools, Pipenv, and Poetry for production applications.
A tutorial on creating a custom Bash alias to link local folders as Composer dependencies for easier PHP package development and testing.
A guide to setting up a modern JavaScript open source project, covering dependency management, coding style tools, and automation.
A guide on how to use specific git commits of third-party packages in Python projects, covering setup.py and requirements.txt configurations.
Analyzes the recent panic over npm security, arguing it's based on social engineering in PRs, not a flaw in npm itself.
A developer troubleshoots a tricky JavaScript testing error after updating dependencies like React and Jest, despite mocked console methods.
A tutorial on using Swift Package Manager to create libraries and executables, manage dependencies, and work with the Package.swift manifest file.
Explains the benefits of using Pipfile over requirements.txt for managing Python dependencies and how to get started.
A guide to automating dependency updates in Java, JavaScript, and Gradle projects using CI tools and commit hooks.
A guide on using Yarn to manage and test locally developed Node.js packages, including filesystem and Git repository integration.
Explains Go's dependency management philosophy, tools like go get, and the $GOPATH workspace structure for handling packages.
A developer discusses the risks of external dependencies after the 'left-pad' NPM incident and argues for mirroring critical packages.
Explores the core philosophy of Node.js, focusing on its UNIX-inspired principles of modularity and dependency management.
A guide for iOS developers on using Bundler to manage Ruby tool dependencies like CocoaPods and Fastlane, ensuring consistent project setups.
Announcing JDeps Maven Plugin 0.2, a tool that breaks builds on unexpected JDK-internal API dependencies with flexible rule configuration.
Analyzes if Java 9's Project Jigsaw will solve JAR hell or create a new 'module hell', focusing on dependency management.
Explores the concept of JAR Hell in Java, detailing its causes like dependency issues and classpath conflicts, and discusses modern solutions.