javascript-clients
Nuget Package Manager
| javascript-clients | Nuget Package Manager |
|---|---|
| 5 | 35 |
| 4 | 1,547 |
| - | 0.1% |
| - | 6.8 |
| 16 days ago | 8 days ago |
| TypeScript | HTML |
| Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
javascript-clients
-
Red Hat packages backdoored through its official NPM channel
List of affected packages: https://github.com/RedHatInsights/javascript-clients/issues/...
- npm Supply Chain Attacks, Pixel/Exynos Zero-Days, and Instagram Account Takeovers
- 31 compromised Red Hat npm packages steal cloud credentials
-
NPM packages from RedHat have been compromised
This repository itself had to previously update from the axios supply chain attack [0] (co-authored by Claude lol). But just by looking at the change itself, the package is unpinned and won't solve the problem if it happens again as an illegitimate "security update".
So if you have an unpinned version of this package and you run 'npm install', you immediately downloaded the compromised version and that's that.
[0] https://github.com/RedHatInsights/javascript-clients/commit/...
Nuget Package Manager
-
NPM packages from RedHat have been compromised
>> In every one of these threads there's a bunch of snarky comments, either acting like this class of attack is exclusive to npm, or that nothing has been done about it. I don't think that's fair.
> … the classic "no way to avoid this" The Onion article
But isn't the point of The Onion article that A) the US has >50x as many incidents as the rest of the developed world combined [1], and yet B) acts like there is "no way to avoid this"? Does NPM have >50x as many incidents as the rest of established languages combined? Is NPM claiming there is "no way to avoid this" or are they putting in place things like automatic install delays?
While all the major js package managers already support install delays, none of the big local C#/dotnet/nuget apps do (Visual Studio/Rider/nuget/dotnet/VS Code). https://github.com/NuGet/Home/issues/14657
[1] https://edition.cnn.com/2018/05/21/us/school-shooting-us-ver...
-
9 Things That Silently Kill Your .NET Build Time (and How to Fix Each One)
The performance gap can be staggering. NuGet/Home Issue #11548 documented a case where dotnet restore took 5 minutes 39 seconds on Windows versus 16 seconds on Ubuntu for identical packages — because Windows was performing synchronous certificate revocation checks. Setting NUGET_CERT_REVOCATION_MODE=offline dropped it to 1 minute 22 seconds.
- NuGet Central Package Management: how I built a dotnet tool to clean up the junk nobody cleans up
- Microsoft was able to delete some of our packages without notice
-
Designing HTTP API clients in .NET
However, any client dependency can lead to a future case of the notorious "DLL hell" problem. While multiple major versions of the same package are transitively referenced by the root application, we have exactly one package version bound at runtime. Then, when we call the other version transitively, we can get a nasty runtime error. In general form, it is unsolvable on the root application side. More technical details can be found, for example, in this thread and its follow-ups: Referencing multiple package versions within one project with extern aliases.
-
Problem with *.csproj and *.nuspec file to include static files into a nuget package
- https://github.com/NuGet/Home/issues/8843
- what do you find most frustrating about dotnet?
-
.NET 8 is on the way! +10 Features that will blow your mind 🤯
GitHub Issue
-
Docker build fails on GitHub Action after net7 update
Similar issue here: https://github.com/dotnet/sdk/issues/28971. Following the breadcrumbs it looks like it may be a NuGet issue, reported here: https://github.com/NuGet/Home/issues/12227
-
Visual Studio- Problem adding nuget packages
Your issue appears to be related to not having the appropriate permissions to the Nuget folder (so says the error). There is an existing Bug/Ticket open on the Nuget github for this exact issue. There are a few solutions and/or workarounds listed through the conversation that you can try: https://github.com/NuGet/Home/issues/12162. Unfortunately I do not have a Mac to validate the solutions or the issue myself.
What are some alternatives?
pgpverify-maven-plugin - Verify Open PGP / GPG signatures plugin
Git Diff Margin - Git Diff Margin displays live Git changes of the currently edited file on Visual Studio margin and scroll bar. Supports Visual Studio 2012 through Visual Studio 2022
platform-frontend-ai-toolkit - A set of helpful coding AI tooling for frontend development
Web Essentials - Visual Studio extension
package-manager-hardening - A non-exhaustive list of package manager hardening recommendations to help prevent supply chain vulnerability attacks. Includes AGENTS.md files and skills to enforce these recommendations.
VsVIM - Vim Emulator Plugin for Visual Studio 2015+