RDLTR

Short for Read Later. Save links from any browser or phone. Click to save, read to clear. The full tour

One topic. Every takeSeek and you shall find

Reading up on Dependabot

3 deep · digging since mar 01

  • nesbitt.io favicon
    Dumb Ways for an Open Source Project to Die

    The piece enumerates dozens of distinct ways open-source projects become effectively dead, from maintainer abandonment to sabotage and ecosystem shifts.

  • nesbitt.io favicon
    Package Managers Need to Cool Down

    A survey finds that while many package managers and update tools have adopted dependency cooldowns to prevent supply chain attacks, implementations vary wildly in naming, scope, and timestamp handling, and major ecosystems like Go, Maven, and Gradle still lack support.

  • news.ycombinator.com favicon
    Turn Dependabot off

    Dependabot's version-based security alerts are noisy and less effective than static analysis tools that check reachability of vulnerable functions.