Home / Companies / Sonar / Blog / December 2019

December 2019 Summaries

2 posts from Sonar

Filter
Month: Year:
Post Summaries Back to Blog
The concept of a package manager has been around for nearly 25 years, with early examples appearing in Linux distributions. These early package managers provided simple tools to download and install pre-built binary packages, including dependency metadata. The evolution of package management led to the development of application package managers like CPAN for Perl, Maven for Java, and NPM for JavaScript. Today, these application package managers sit alongside system package managers, allowing developers to have different versions of libraries for different applications, but also introducing new challenges such as managing dependencies and security issues across multiple packages. The need for tools to help users and creators understand their library dependencies has become increasingly important in the modern software development landscape.
Dec 19, 2019 792 words in the original blog post.
The use of open source components in modern applications is widespread, with 92% of professional applications relying on them. However, managing these dependencies has become more complex, and traditional practices such as vendoring or bundling have fallen out of favor due to difficulties in tracking versions and updating libraries. The solution lies in using a manifest file to describe direct dependencies and generating a lockfile that includes transitive dependencies, allowing for easy sharing and deployment of the same version across different environments. This approach has been adopted by various package managers such as npm, yarn, Rubygems, pip, and packagist, enabling developers to manage their dependencies more efficiently and reduce unintended changes or security vulnerabilities.
Dec 12, 2019 752 words in the original blog post.