RubyGems
updates
| RubyGems | updates |
|---|---|
| 25 | 1 |
| 2,297 | 95 |
| 0.2% | - |
| 9.8 | 9.0 |
| 1 day ago | 9 days ago |
| Ruby | JavaScript |
| MIT License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
RubyGems
- Phlex is the ruby way to build your views
However, let's examine a typical partial, such as the one from the rubygems.org search show page
- Chrome considers gems to be dangerous?
- Rubygems.org Hacked?
- Rubygems.org marked by Chrome as an “unsafe site”
- OOP vs. services for organizing business logic: is there a third way?
github.com/rubygems/rubygems.org (26k lines): Where Ruby gems are hosted.
- RubyGems now requires MFA for owners of top gems
If anyone is looking to do some open source contributions on a mature, production Ruby on Rails site, I highly recommend contributing to the rubygems.org project. The code is extremely clean and the repo is very, very well run.
https://github.com/rubygems/rubygems.org
- Rubygems packages found carrying out dependency confusion research
- Making popular Ruby packages more secure
RubyGems does have gem signing, but it's not widely used.
There's a proposal for a new "one button" approach using sigstore[0].
Other ecosystems are also looking at sigstore too, and a lot of us are cooperating in the OpenSSF Securing Software Repos WG [1]. Package signing is a regular topic of discussion and there are various efforts underway.
Disclosure: I am involved with both of these.
[0] https://github.com/rubygems/rubygems.org/pull/2944
[1] https://github.com/ossf/wg-securing-software-repos
- Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so.
updates
- Where did these mysterious PrismJS npm versions come from?
Another open-source CLI tool called updates, which checks for npm dependency updates, had to rewrite its version resolution logic to not pull the 9000.0.x versions.
What are some alternatives?
Bundler
node-safe - 🤠 Make using Node.js safe again with Deno-like permissions
gemdiff - Find source repositories for ruby gems. Open, compare, and update outdated gem versions
lockfile-lint - Lint an npm or yarn lockfile to analyze and detect security issues
Gem in a Box - Really simple rubygem hosting
packages-outdated - Check that all dependencies are up to date 🕵 🕵
gemstash - A RubyGems.org cache and private gem server
slnpm - A simple and fast node.js package manager using symbolic link
passwordless - 🗝 Authentication for your Rails app without the icky-ness of passwords
rubygems - Library packaging and distribution for Ruby.
SharpZipLib - #ziplib is a Zip, GZip, Tar and BZip2 library written entirely in C# for the .NET platform.
PrismJS - Lightweight, robust, elegant syntax highlighting.