rfcs
HomeBrew
rfcs | HomeBrew | |
---|---|---|
7 | 1,281 | |
45 | 39,456 | |
- | 1.0% | |
4.6 | 10.0 | |
5 months ago | about 19 hours ago | |
Ruby | ||
- | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rfcs
-
Ruby Shield: Shopify donates $1M to stewards of rubygems, bundler
I can give a limited answer based on my own day-to-day work. I work in Ruby Dependency Security, which is the team who are most involved in helping out with rubygems.org and RubyGems work. Our biggest effort lately has been about rolling out MFA requirements for owners of top-most-downloaded gems. What I'd like to do afterwards is focus on gem signing using sigstore, which would make it a "one click" experience for authors. We did some work on it earlier this year[0] but chose to focus on MFA as our first big push. We also aim to devote a substantial fraction of our time to chopping wood and carrying water: looking at honeybadger exception reports, etc.
In terms of the long run there's a whole bunch that can be done to continuously harden every aspect of the Ruby supply chain. One thing we've been involved in founding is the OpenSSF Securing Software Repos working group[1], which has meant that RubyGems maintainers are now talking directly with folks from PyPI, npm, Maven Central, Cargo and others. We all face shared threats (eg, dependency confusion, resurrection attacks etc), so getting together to work collectively and share ideas has been super awesome.
[0] https://github.com/rubygems/rfcs/pull/37
[1] https://github.com/ossf/wg-securing-software-repos
-
Making popular Ruby packages more secure
That’s correct. If you’re a maintainer of a very popular gem, as of 15th August you’ll no longer be able to e.g. `gem push` if you haven’t enabled MFA on your RubyGems account. You will of course still be able to log in and enable it.
More details in the RFC: https://github.com/rubygems/rfcs/blob/master/text/0007-mfa-r...
-
NPM Vulnerability Discussion on Twitter
> < 10% had useful 2FA enabled.
I expect this to change. NPM will roll out mandatory MFA for the most-downloaded packages[0] (RubyGems as well[1]). I expect this will rise to a 100% requirement at some point because Github's decision to require MFA by the end of 2023 will massively raise the waterline of folks who have the capability to MFA and experience with MFA.
[0] https://github.blog/2021-11-15-githubs-commitment-to-npm-eco...
[1] https://github.com/rubygems/rfcs/issues/35
-
Sigstore
The RFC trying to introduce sigstore for RubyGems is an interesting look at this in practice: https://github.com/rubygems/rfcs/pull/37
- RFC for Sigstore Rubygems Signing
- RFC: Proposal for new signing mechanism
- Require MFA for most-used gems [RubyGems RFC]
HomeBrew
-
Top Homebrew Alternative: ServBay Becomes the Go-To for Developers
Homebrew is a highly popular package manager on macOS and Linux systems, enabling users to easily install, update, and uninstall command-line tools and applications. Its design philosophy focuses on simplifying the software installation process on macOS, eliminating the need for manual downloads and compilations of software packages.
-
Software Engineering Workflow
Homebrew - package manager for linux-based OSs.
-
Simulate your first Lightning transaction on the Bitcoin regtest network Part 1 (MacOS)
Package Manager: Homebrew
-
Tools for Linux Distro Hoppers
Hopping from one distro to another with a different package manager might require some time to adapt. Using a package manager that can be installed on most distro is one way to help you get to work faster. Flatpak is one of them; other alternative are Snap, Nix or Homebrew. Flatpak is a good starter, and if you have a bunch of free time, I suggest trying Nix.
-
SQLite Schema Diagram Generator
Are you using SQLite that ships with macOS, or SQLite installed from homebrew?
I had a different problem in the past with the SQLite that ships with macOS, and have been using SQLite from homebrew since.
So if it’s the one that comes with macOS that gives you this problem that you are having, try using SQLite from homebrew instead.
https://brew.sh/
-
How to install (Ubuntu 22.10 VM) vagrant on Mac M1 ship using QEMU
Before we begin, make sure you have Homebrew installed on your Mac. Homebrew is a package manager that makes it easy to install software and dependencies. You can install Homebrew by following the instructions on their website: https://brew.sh/
-
Perfect Elixir: Environment Setup
I’m on MacOS and erlang.org, elixir-lang.org, and postgresql.org all suggest installation via Homebrew, which is a very popular package manager for MacOS.
-
You're Installing Node.js Wrong. That's OK, Here Is How To Fix It 🙌
I have always either installed Node from the installer provided by the Nodejs website or, via Brew in macOS. I have also used nvm in the past but did not know that there was a best practice to guide us.
-
Test Driving a Rails API - Part One
A running Rails application needs a database to connect to. You may already have your database of choice installed, but if not, I recommend PostgreSQL, or Postgres for short. On a Mac, probably the easiest way to install it is with Posrgres.app. Another option, the one I prefer, is to use Homebrew. With Homebrew installed, this command will install PostgreSQL version 16 along with libpq:
-
Effective Neovim Setup. A Beginner’s Guide
On a macOS machine, you can use homebrew by running the command.
What are some alternatives?
sigstore-website - Codebase for sigstore.dev
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
harden-runner - Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
npm
Visual Studio Code - Visual Studio Code
enquirer - Stylish, intuitive and user-friendly prompts, for Node.js. Used by eslint, webpack, yarn, pm2, pnpm, RedwoodJS, FactorJS, salesforce, Cypress, Google Lighthouse, Generate, tencent cloudbase, lint-staged, gluegun, hygen, hardhat, AWS Amplify, GitHub Actions Toolkit, @airbnb/nimbus, and many others! Please follow Enquirer's author: https://github.com/jonschlinkert
winget-cli - WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
rubygems - Library packaging and distribution for Ruby.
osxfuse - FUSE extends macOS by adding support for user space file systems
package-analysis - Open Source Package Analysis
Chocolatey - Chocolatey - the package manager for Windows