GoKawiil - Latest Tech News & Aggregated Headlines

Pnpm has a new setting to stave off supply chain attacks

news.ycombinator.com Zoltan Kochan 2025-09-20 19:12:56

There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. The new setting is called minimumReleaseAge . It specifies the number of minutes that must pass after a version is published before

Topics: dependencies finder license pnpm react

Shop Amazon

We shouldn't have needed lockfiles

news.ycombinator.com Nikita Prokopov 2025-12-04 09:33:37

We shouldn’t have needed lockfiles Imagine you’re writing a project and need a library. Let’s call it libpupa . You look up its current version, which is 1.2.3 , and add it to your dependencies: "libpupa": "1.2.3" In turn, the developer of libpupa , when writing its version 1.2.3 , needed another library: liblupa . So they did the same thing: they looked up the version, which was 0.7.8 at the time, and added it to the dependencies of libpupa 1.2.3 : "liblupa": "0.7.8" The version 0.7.8 of

Topics: dependencies liblupa libpupa time version

Shop Amazon

Uv: Running a script with dependencies

news.ycombinator.com Unknown 2026-01-04 08:26:40

A Python script is a file intended for standalone execution, e.g., with python <script>.py . Using uv to execute scripts ensures that script dependencies are managed without manually managing environments. Note If you are not familiar with Python environments: every Python installation has an environment that packages can be installed in. Typically, creating virtual environments is recommended to isolate packages required by each script. uv automatically manages virtual environments for you and

Topics: dependencies example run script uv

Shop Amazon

uv Running a Script with Dependencies

news.ycombinator.com Unknown 2026-01-04 14:26:40

A Python script is a file intended for standalone execution, e.g., with python <script>.py . Using uv to execute scripts ensures that script dependencies are managed without manually managing environments. Note If you are not familiar with Python environments: every Python installation has an environment that packages can be installed in. Typically, creating virtual environments is recommended to isolate packages required by each script. uv automatically manages virtual environments for you and

Topics: dependencies example run script uv

Shop Amazon

Show HN: X11 desktop widget that shows location of your network peers on a map

news.ycombinator.com Unknown 2026-01-06 22:16:25

connmap connmap is an X11 desktop widget that shows location of your current network peers on a world map. (Works on Wayland as well!) Installation Clone the repository git clone https://github.com/h2337/connmap --depth 1 , install the dependencies (see below), run make install , then run the resulting executable ./connmap.elf . If you want to run it without attaching it to the terminal then add ampersand at the end of the command: ./connmal.elf & . You can also add it to your i3wm config t

Topics: connmap dependencies installation map map_width

Shop Amazon

Latest Tech News

Pnpm has a new setting to stave off supply chain attacks

We shouldn't have needed lockfiles

Uv: Running a script with dependencies

uv Running a Script with Dependencies

Show HN: X11 desktop widget that shows location of your network peers on a map

About GoKawiil

Privacy

Advertising

Latest Tech News

Pnpm has a new setting to stave off supply chain attacks

We shouldn't have needed lockfiles

Uv: Running a script with dependencies

uv Running a Script with Dependencies

Show HN: X11 desktop widget that shows location of your network peers on a map

Trending Topics

Hot Now

Popular

Emerging

About GoKawiil

Privacy

Advertising