Sorry Python but it is what it is.

55 points

npm is objectively worse. Base pip packages aren’t getting hijacked.

23 points

Maybe I’m misremembering, but didn’t pip have its own security concerns earlier this year?

6 points

I believe that was just name squatting.

6 points

It’s less the name squatting and more pip not supporting a certain PyPI resolution order: https://github.com/pypa/pip/issues/8606

For example, I have A, B and C in my requirements.txt but I want to install C from my own private PyPI. Everything works fine until someone uploads a package named C to the public PyPI, then suddenly I’m not installing my private package anymore.

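The shadowing scenario in that last comment, modelled as an added Python example (constructed here, not pip's code and not from anyone in the thread); the index contents, package blobs and helper names are assumptions. Besides the pooled-index behaviour it shows two mitigations: a single `--index-url` pointing at a private index that proxies the public one, and `--hash` pinning.

```python
"""Toy model of candidate selection across several package indexes.

Constructed illustration, not pip's implementation: a private package is
shadowed once a same-named package appears on the public index, and two
mitigations are shown: a single index URL (private proxy) and hash pinning.
"""
import hashlib

# Constructed index contents: index -> package name -> {version: sdist bytes}
PRIVATE = {"C": {"1.0.0": b"private C 1.0.0"}}
PUBLIC = {"A": {"2.0.0": b"A"}, "B": {"0.9.1": b"B"}}


def vkey(v):
    return tuple(int(p) for p in v.split("."))


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def resolve_union(name, indexes):
    """Model of `--index-url X --extra-index-url Y`: candidates from every
    index are pooled and the highest version wins, whichever index it came
    from. Returns (index_name, version) or None."""
    best = None
    for idx_name, pkgs in indexes.items():
        for ver in pkgs.get(name, {}):
            if best is None or vkey(ver) > vkey(best[1]):
                best = (idx_name, ver)
    return best


def resolve_single_index(name, index_name, indexes):
    """Mitigation 1: one `--index-url` only (a private index that proxies
    public PyPI), so the public index is never queried directly."""
    pkgs = indexes[index_name].get(name, {})
    return (index_name, max(pkgs, key=vkey)) if pkgs else None


def resolve_hash_pinned(name, version, expected_sha256, indexes):
    """Mitigation 2: `name==version --hash=sha256:...`; an upload with the
    same name and version but different content is rejected."""
    for idx_name, pkgs in indexes.items():
        blob = pkgs.get(name, {}).get(version)
        if blob is not None and sha256(blob) == expected_sha256:
            return (idx_name, version)
    return None


def demo():
    indexes = {"private": PRIVATE, "public": dict(PUBLIC)}
    before = resolve_union("C", indexes)  # private C wins while public has no C
    indexes["public"]["C"] = {"99.0.0": b"public C 99.0.0"}  # name registered publicly
    after = resolve_union("C", indexes)  # now the public C shadows ours
    safe1 = resolve_single_index("C", "private", indexes)
    safe2 = resolve_hash_pinned("C", "1.0.0", sha256(PRIVATE["C"]["1.0.0"]), indexes)
    return before, after, safe1, safe2
```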

Programmer Humor

!programmerhumor@lemmy.ml
