Package Management
It dependencies
Jerod goes one-on-one with our old friend Justin Searls! We talk build vs buy decisions, dependency selection & how Justin has implemented POSSE (Post On Site Syndicate Elsewhere) in response to the stratification of social networks.
Modernizing packages to ESM
Mark Erikson (web dev professor/historian, OSS Maintainer & engineer at Replay) joins us to talk about the shift from CommonJS to ESM. We discuss the history of module patterns in JS and the grueling effort to push the world’s biggest developer ecosystem forward. Get ready to go to school kids, this one’s deep!
There's a whole PEP about that
Brett Cannon (our unofficial ambassador to the Python community) is here to help alleviate our pip install anxiety. Along the way, we ask him about Python 4, removing the GIL, what he thinks about Chris Lattner’s Mojo project, Rust in the Python world & way more (of course).
The pain of dependency management
Baruch Sadogursky (Chief Sticker Officer at JFrog) joins Natalie & Johnny to lament the current state of dependency management in Go and other languages. They discuss the problems dependency managers face, possible technical mitigations like SBOMs, people problems that will never be solved by tech, and take questions from listeners in the #gotimefm channel of Gophers Slack.
Grokking Go.dev
Carmen, Mat, and Jon are joined by Steve Francia and Julie Qiu to discuss the new Go.dev website. What was the motivation behind it? What technology was used to build it? How are they working to make package discovery better? And what resources are there to help you convince your manager to use Go on that upcoming project?
Mikeal schools us on ES Modules
ES Modules are unflagged in Node 13. What does this mean? Can we use them yet? We chat with Mikeal, our resident expert, and find out.
It’s just JavaScript®️
Jerod, Kball, Divya, and Nick share their initial impressions of GitHub’s recently announced package registry, what JS skills are trending in job listings, and shout outs!
Bundle because you want to, not because you need to
Jerod and Nick are joined by Fred K. Schott – the main brain behind Pika. What’s that, you ask? An effort to make modern JavaScript more accessible by making it easier to find, publish, install, and use modern packages on npm.
Homebrew! Part Deux
We’re talking with Mike McQuaid about Homebew 2.0.0, supporting Linux and Windows 10, the backstory and details surrounding the security issue they had in 2018, their new governance model, Mike’s new role, the core team meeting in-person at FOSDEM this year, and what’s coming next for Homebrew.
Automated dependency updates
Rhys Arkins joined the show to talk about automating dependency updates using Renovate. Renovate is an open source tool to keep source code dependencies up-to-date using automated Pull Requests. We talked about who’s using it, the languages and environments that are supported, self-hosted vs SaaS and how that plays into supporting this open source, auto-merging, being a GitHub App and in the GitHub Marketplace, and building this as a business on someone else’s platform.