Package Management Icon

Package Management

Package management is software that automates the process of installing, upgrading, configuring, and removing other software.
20 Stories
All Topics

Go donatstudios.com

Go Modules have a v2+ problem

Jesse Donat:

Go has a problem. Go modules place a strange naming requirement on modules version 2 or greater. Module names on modules v2+ must end in the major version ala …/v2, and communication of this rule has been weak. It’s non-obvious, and the community at large does not understand it.

I have seen many very large projects including Google owned projects get it wrong.

I brought the issue up at my local Go meetup, and no one had ever heard about the rule. They were very skeptical the rule existed at all.

Jesse goes on to tell the history, explain the problem in-depth, and suggest next steps for the Go Community.

 Itamar Turner-Trauring pythonspeed.com

Options for packaging your Python code: Wheels, Conda, Docker, and more

There are a whole range of ways to package your Python software: Wheels, Pex, RPM/DEB, Conda, executables, Docker images, and more. Which ones should you use? In this overview you’ll learn why they all exist, the pros/cons of each method, and how it deals with things like code distribution and support for multiple applications.

xkcd Icon xkcd

Yet another xkcd instant classic

I’m a bit late to the party on this one (was out on vacay last week), but my oh my did Randall Munroe hit the nail on the head. I have a feeling we’ll be referencing xkcd #2347 for years to come…

Oh, and in case you’re not yet aware, xkcd’s image title attributes always carry an additional punch-line/comment (which is a brilliant way to make it worth visiting the site each go-around). I’ll save you a click, just this once:

Someday ImageMagick will finally break for good and we’ll have a long period of scrambling as we try to reassemble civilization from the rubble.

Yet another xkcd instant classic

Johanna Larsson blog.jola.dev

Building Hex Diff

Johanna Larsson built the super cool Hex Diff tool for the Elixir community. What does it do?

In short, you input any Hex package name and a version range, and it will generate a highlighted git diff for you, right there in your browser. Not only that, but you can also share the link to the diff, and even highlight a specific row.

In this post on her blog, Johanna goes into the details of how she built the project, how it works, and issues she ran into along the way.

JavaScript snowpack.dev

With Snowpack you can build modern web apps without a bundler

No more waiting for your bundler to rebuild your site every time you hit save. Instead, every change is reflected in the browser instantly.

This relies on ESM (Mikeal gave a great rundown on the current state of things on a recent JS Party), so it’s not for everyone. The homepage has rundowns on who should use this, who should avoid it, and how to get started.

Brought to you by the fine folks at Pika.

JavaScript itnext.io

‘No way to prevent this’, says only development community where this regularly happens

A wonderfully snarky take on the ongoing challenges with dependency management in JavaScript.

PURESCRIPT, NPM — In the hours following another package disaster on npm in which a lone developer killed more than dozens of CI builds and caused serious warnings in thousands of others, developers of the only community where this kind of disaster routinely occurs reportedly concluded Monday that there was no way to prevent the disaster from taking place.

GitHub Blog Icon GitHub Blog

GitHub launched its own package registry 😱

ICYMI — late Friday afterrnoon GitHub held a live event to announce the beta launch of GitHub Package Registry.

GitHub Package Registry is fully integrated with GitHub, so you can use the same search, browsing, and management tools to find and publish packages as you do for your repositories. You can also use the same user and team permissions to manage code and packages together. GitHub Package Registry provides fast, reliable downloads backed by GitHub’s global CDN. And it supports familiar package management tools: JavaScript (npm), Java (Maven), Ruby (RubyGems), .NET (NuGet), and Docker images, with more to come.

You can sign up for the beta here.

JavaScript github.com

Pika brings that nostalgic, 2014 simplicity to 2019 web development

Install npm dependencies that run natively in the browser… without a bundler!

Pika’s mission is to make modern JavaScript more accessible by making it easier to find, publish, install, and use modern packages on npm.

There’s a lot to digest here in terms of how it works (spoiler: Rollup), which packages you can use with it (spoiler: ESM required), and how it performs. On that topic:

When served with HTTP/2, @pika/web installations perform better in production than single “vendor” JavaScript bundles and most custom dependency bundling strategies due to the comparable load performance + more efficient cache usage.

Ruby bundler.io

Announcing Bundler 2.0

Congrats to the Bundler team (and entire Ruby community) for shipping an awesome update to this critical piece of infrastructure! Bundler truly changed the game for Rubyists around the world and we continue to benefit from its goodness.

What’s new in 2.0? A lot, but I’ll cherry pick a minor change that made me smile:

Changed the github: 'some/repo' gem source to use the https schema by default

Finally! That’s worth the price of admission from where I’m sitting. Also:

With the release of Bundler 2, the core team now kicks off a new release schedule for Bundler: we’re going to aim for one major version release per year, so we can drop support for older Ruby and RubyGems versions around the same time that the Ruby core team does. Being able to stop supporting Ruby 1.8.7 is a huge relief!

To the future!

Sumana Harihareswara pyfound.blogspot.com

The new PyPI is finally in beta

The Python Package Index (started 15 years ago) has reached beta stage for version 2.0.

We predict the full switch will happen in April 2018, so here’s a heads-up about why we’re switching, what’s changed, and what to expect.

The team is running Twitter and IRC-based livechat hours for the next few weeks so you can easily report problems you run into. As for what’s new in v2:

modern design and search, Markdown READMEs, and a way more scalable, sustainable backend.

The Changelog The Changelog #289

Automated dependency updates

Rhys Arkins joined the show to talk about automating dependency updates using Renovate.

Renovate is an open source tool to keep source code dependencies up-to-date using automated Pull Requests.

We talked about who’s using it, the languages and environments that are supported, self-hosted vs SaaS and how that plays into supporting this open source, auto-merging, being a GitHub App and in the GitHub Marketplace, and building this as a business on someone else’s platform.

0:00 / 0:00