ossf package-manager-best-practices issues

ossf / package-manager-best-practices

Collection of security best practices for package managers.

Apache License 2.0

158 stars 19 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

npm: mention generating provenance statements

#42 UlisesGascon opened 1 year ago
1
npm: mention new granular access tookens

#41 laurentsimon opened 1 year ago
0
feat: added reference to email exposure through the NPM API

#39 UlisesGascon closed 1 year ago
2
docs: fix spelling issue for reproducible installs

#38 lirantal closed 1 year ago
0
npm: improve text with example

#37 laurentsimon opened 1 year ago
0
Add initial section covering vuln disclosure

#36 darakian closed 1 year ago
13
npm: recommendation for standalone CLI projects

#35 yoavain opened 1 year ago
12
Use .gitkeep files to keep empty dirs.

#34 jeffmendoza closed 1 year ago
0
s/GPG/ECDSA

#33 MylesBorins closed 1 year ago
0
swap order of lockfiles and vendoring dependencies

#32 MylesBorins closed 1 year ago
0
Fix grammatical and spelling errors on `npm.md`

#31 ran-dall closed 1 year ago
6
fix: Use lowercase `package-lock.json` for title

#30 erezrokah closed 1 year ago
0
Move NPM to published and add version

#29 jeffmendoza closed 1 year ago
9
Remove confusing reference to colors

#28 jeffmendoza closed 1 year ago
0
Update recommendations on publishing packages.

#27 jeffmendoza closed 1 year ago
0
fix: use lowercase `package-lock.json`, fix shrinkwrap file link

#26 erezrokah closed 1 year ago
0
Update recommendations for lockfiles

#25 laurentsimon closed 1 year ago
7
RC npm: lockfiles or no lockfiles

#24 laurentsimon closed 1 year ago
8
RC npm: lockfiles or no lockfiles

#23 laurentsimon closed 2 years ago
0
Change recommendations for needing CLI tool in automated environment.

#22 jeffmendoza closed 2 years ago
0
In progress: rpm best practices guide

#21 ByteHackr opened 2 years ago
2
RC npm: recommend committing a secure .npmrc file?

#20 lirantal opened 2 years ago
22
Clarify npm install

#19 jeffmendoza closed 2 years ago
0
Clarify pinning and lockfile

#18 jeffmendoza closed 2 years ago
0
Clarify vendoring issues

#17 jeffmendoza closed 2 years ago
1
Clarify uppercase characters

#16 jeffmendoza closed 2 years ago
0
RC npm: install scripts are common attack vectors

#15 mlieberman85 closed 1 year ago
16
RC npm: install scripts and reproducible installation

#14 calebbrown closed 1 year ago
2
RC npm: do not recommend publishing from CI

#13 ljharb closed 1 year ago
2
RC npm: CLI instructions are confusing

#12 ljharb closed 2 years ago
2
RC npm: install instructions are unclear

#11 ljharb closed 2 years ago
0
RC npm: "Shrinkwrap.json" does not exist, and is hostile in a published package

#10 ljharb closed 1 year ago
25
RC npm: "hash pinning" is a confusing term

#9 ljharb closed 2 years ago
13
RC npm: vendoring dependencies is a horrifically bad practice we should be actively discouraging

#8 ljharb closed 2 years ago
2
RC npm: incorrect claim about `colors`

#7 ljharb closed 1 year ago
2
RC npm: uppercase letters *are* supported in package names

#6 ljharb closed 2 years ago
0
Fix plural in dir names to match.

#5 jeffmendoza closed 2 years ago
1
Move npm document to review directory.

#4 jeffmendoza closed 2 years ago
2
Publish draft of npm best practices guide

#3 jeffmendoza closed 2 years ago
3
In progress: npm best practices guide

#2 jeffmendoza closed 2 years ago
0
Readme update and process proposal.

#1 jeffmendoza closed 2 years ago
0