clib is a C language package manager and dependency manager used to install, update, and manage external C libraries and executable dependencies from remote repositories. It functions as a distribution tool for structuring source code and metadata to publish C libraries and a development toolkit for maintaining consistent build environments. The project provides a framework for C library distribution and dependency resolution, utilizing manifest files to track required library versions and ensure reproducible builds across different systems. It streamlines the C development workflow by managi
RubyGems is a package manager for the Ruby language, serving as a tool for packaging, distributing, and installing libraries and software extensions. It functions as a dependency resolver and registry client, managing the installation of required libraries and their recursive dependencies to ensure consistent environments across development and production. The system handles the complete package lifecycle, including the building of distributable archives, the compilation of native C extensions for high-performance system integration, and the publishing of stable or prerelease versions to regi
This project provides a comprehensive guide for securing the software supply chain within Node.js and npm environments. It focuses on hardening the entire lifecycle of third-party dependencies and package publishing processes to protect applications from malicious code injection and unauthorized registry modifications. The guide distinguishes itself by emphasizing identity-based authentication and cryptographic provenance to verify the origin of distributed artifacts. It advocates for strict governance policies, such as enforcing minimum release ages for dependencies and disabling automatic l
Berry is a Node.js package manager, dependency resolution engine, and monorepo workspace manager. It provides the tools necessary for resolving, downloading, and managing dependencies to ensure consistent environments across different development machines, while also serving as a publishing tool for uploading versioned package tarballs to registries. The project is distinguished by its implementation of Plug'n'Play, which resolves dependencies without creating a physical node_modules directory by mapping dependencies directly to the file system. This enables a zero-install development workflo
This project is a command line interface for managing, installing, and publishing JavaScript packages to a remote registry. It serves as a dependency resolution tool, a software registry publishing client, and a security auditor for Node.js development workflows.
The main features of npm/cli are: Dependency Installers, Package Managers, Publishing Clients, Dependency Lockfiles, Package Publishing, Dependency Auditing, Monorepo Managers, Package Manager CLIs.
Open-source alternatives to npm/cli include: clibs/clib — clib is a C language package manager and dependency manager used to install, update, and manage external C libraries… ruby/rubygems — RubyGems is a package manager for the Ruby language, serving as a tool for packaging, distributing, and installing… bodadotsh/npm-security-best-practices — This project provides a comprehensive guide for securing the software supply chain within Node.js and npm… yarnpkg/berry — Berry is a Node.js package manager, dependency resolution engine, and monorepo workspace manager. It provides the… npm/npm — npm is a JavaScript package manager and dependency management tool. It serves as a command line interface for… cocoapods/cocoapods — CocoaPods is a dependency manager for Swift and Objective-C projects that integrates third-party libraries via…