Outer Web | Explore

Explore >> Select a destination

You are here		dlaa.me En Provence [Some thoughts about npm package provenance - and why I have not enabled it] - The blog of dlaa.me
\|	\|	initialcommit.com Major bank publishes private NPM package - oops!	6.5 parsecs away Travel
\|	\|	Laurie Voss, co-founder of [NPM](https://www.npmjs.com/), recently sent out this tweet highlighting that a major bank has published a private package to the npm registry... and left it there for over 3 years.	6.5 parsecs away Travel
\|	\|	blog.packagist.com Installing Composer Packages from Monorepos with Private Packagist	6.2 parsecs away Travel
\|	\|	A monorepo is a single repository that stores the source code of several or all packages of an organization. One of the biggest advantages of using monorepos is that it's easier to share and reuse code across multiple packages inside the monorepo. However, when you want to publish one of	6.2 parsecs away Travel
\|	\|	shapeshed.com Thoughts on yarn \| George Ornbo	5.8 parsecs away Travel
\|	\|	Yarn announced itself as a new package manager for JavaScript. In fact is a better npm client but its release suggests that change may be coming to JavaScript package management with issues of security and centralisation up for debate.	5.8 parsecs away Travel
\|	\|	www.zerodayinitiative.com ZDI-24-347 \| Zero Day Initiative	28.4 parsecs away Travel
\|		[AI summary] A critical remote code execution vulnerability in SolarWinds Access Rights Manager allows attackers to execute arbitrary code with service account privileges if proper data validation is not enforced.	28.4 parsecs away Travel