home.social

#dependencycooldowns — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #dependencycooldowns, aggregated by home.social.

  1. "#Dependencycooldowns are a free, easy, and incredibly effective way to mitigate the large majority of open source #supplychain attacks. More individual projects should apply cooldowns (via tools like Dependabot and Renovate) to their dependencies, and packaging ecosystems should invest in first-class support for cooldowns directly in their #packagemanagers"

    blog.yossarian.net/2025/11/21/