ossf/package-manager-best-practices
Collection of security best practices for package managers.
Apache License 2.0
158 stars, 19 forks
issues
Number | Title | Author | State | Comments
#42 | npm: mention generating provenance statements | UlisesGascon | opened 1 year ago | 1 comment
#41 | npm: mention new granular access tokens | laurentsimon | opened 1 year ago | 0 comments
#39 | feat: added reference to email exposure through the NPM API | UlisesGascon | closed 1 year ago | 2 comments
#38 | docs: fix spelling issue for reproducible installs | lirantal | closed 1 year ago | 0 comments
#37 | npm: improve text with example | laurentsimon | opened 1 year ago | 0 comments
#36 | Add initial section covering vuln disclosure | darakian | closed 1 year ago | 13 comments
#35 | npm: recommendation for standalone CLI projects | yoavain | opened 1 year ago | 12 comments
#34 | Use .gitkeep files to keep empty dirs. | jeffmendoza | closed 1 year ago | 0 comments
#33 | s/GPG/ECDSA | MylesBorins | closed 1 year ago | 0 comments
#32 | swap order of lockfiles and vendoring dependencies | MylesBorins | closed 1 year ago | 0 comments
#31 | Fix grammatical and spelling errors on `npm.md` | ran-dall | closed 1 year ago | 6 comments
#30 | fix: Use lowercase `package-lock.json` for title | erezrokah | closed 1 year ago | 0 comments
#29 | Move NPM to published and add version | jeffmendoza | closed 1 year ago | 9 comments
#28 | Remove confusing reference to colors | jeffmendoza | closed 1 year ago | 0 comments
#27 | Update recommendations on publishing packages. | jeffmendoza | closed 1 year ago | 0 comments
#26 | fix: use lowercase `package-lock.json`, fix shrinkwrap file link | erezrokah | closed 1 year ago | 0 comments
#25 | Update recommendations for lockfiles | laurentsimon | closed 1 year ago | 7 comments
#24 | RC npm: lockfiles or no lockfiles | laurentsimon | closed 1 year ago | 8 comments
#23 | RC npm: lockfiles or no lockfiles | laurentsimon | closed 2 years ago | 0 comments
#22 | Change recommendations for needing CLI tool in automated environment. | jeffmendoza | closed 2 years ago | 0 comments
#21 | In progress: rpm best practices guide | ByteHackr | opened 2 years ago | 2 comments
#20 | RC npm: recommend committing a secure .npmrc file? | lirantal | opened 2 years ago | 22 comments
#19 | Clarify npm install | jeffmendoza | closed 2 years ago | 0 comments
#18 | Clarify pinning and lockfile | jeffmendoza | closed 2 years ago | 0 comments
#17 | Clarify vendoring issues | jeffmendoza | closed 2 years ago | 1 comment
#16 | Clarify uppercase characters | jeffmendoza | closed 2 years ago | 0 comments
#15 | RC npm: install scripts are common attack vectors | mlieberman85 | closed 1 year ago | 16 comments
#14 | RC npm: install scripts and reproducible installation | calebbrown | closed 1 year ago | 2 comments
#13 | RC npm: do not recommend publishing from CI | ljharb | closed 1 year ago | 2 comments
#12 | RC npm: CLI instructions are confusing | ljharb | closed 2 years ago | 2 comments
#11 | RC npm: install instructions are unclear | ljharb | closed 2 years ago | 0 comments
#10 | RC npm: "Shrinkwrap.json" does not exist, and is hostile in a published package | ljharb | closed 1 year ago | 25 comments
#9 | RC npm: "hash pinning" is a confusing term | ljharb | closed 2 years ago | 13 comments
#8 | RC npm: vendoring dependencies is a horrifically bad practice we should be actively discouraging | ljharb | closed 2 years ago | 2 comments
#7 | RC npm: incorrect claim about `colors` | ljharb | closed 1 year ago | 2 comments
#6 | RC npm: uppercase letters *are* supported in package names | ljharb | closed 2 years ago | 0 comments
#5 | Fix plural in dir names to match. | jeffmendoza | closed 2 years ago | 1 comment
#4 | Move npm document to review directory. | jeffmendoza | closed 2 years ago | 2 comments
#3 | Publish draft of npm best practices guide | jeffmendoza | closed 2 years ago | 3 comments
#2 | In progress: npm best practices guide | jeffmendoza | closed 2 years ago | 0 comments
#1 | Readme update and process proposal. | jeffmendoza | closed 2 years ago | 0 comments