RubyGems
passwordless
RubyGems | passwordless |
---|---|
26 | 1 |
2,358 | 1,301 |
0.6% | 0.8% |
9.9 | 6.8 |
4 days ago | 14 days ago |
Ruby | Ruby |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
RubyGems
- ⚙️ Building a better Ruby ORM for time series and analytics
The following code snippet highlights the real-life use case that inspired me to build a continuous aggregates macro for better time-series data aggregations. It’s part of a RubyGems contribution I made, and it’s still a work in progress. However, it’s worth validating how this idea can reduce the Ruby code you’ll have to maintain.
- Phlex is the ruby way to build your views
However, let's examine a typical partial, such as the one from the rubygems.org search show page.
- Chrome considers gems to be dangerous?
- Rubygems.org Hacked?
- Rubygems.org marked by Chrome as an “unsafe site”
- OOP vs. services for organizing business logic: is there a third way?
github.com/rubygems/rubygems.org (26k lines): Where Ruby gems are hosted.
- RubyGems now requires MFA for owners of top gems
If anyone is looking to do some open source contributions on a mature, production Ruby on Rails site, I highly recommend contributing to the rubygems.org project. The code is extremely clean and the repo is very, very well run.
https://github.com/rubygems/rubygems.org
- Rubygems packages found carrying out dependency confusion research
- Making popular Ruby packages more secure
RubyGems does have gem signing, but it's not widely used.
There's a proposal for a new "one button" approach using sigstore[0].
Other ecosystems are also looking at sigstore too, and a lot of us are cooperating in the OpenSSF Securing Software Repos WG [1]. Package signing is a regular topic of discussion and there are various efforts underway.
Disclosure: I am involved with both of these.
[0] https://github.com/rubygems/rubygems.org/pull/2944
[1] https://github.com/ossf/wg-securing-software-repos
passwordless
What are some alternatives?
Gem in a Box - Really simple rubygem hosting
warden-github-rails - Use GitHub as authorization and more. Use organizations and teams as means of authorization by simply wrapping your rails routes in a block. Also useful to get a user's details through OAuth.
gemdiff - Find source repositories for ruby gems. Open, compare, and update outdated gem versions
Authlogic - A simple ruby authentication solution.
gemstash - A RubyGems.org cache and private gem server
Devise - Flexible authentication solution for Rails with Warden.