{"id":13599660,"url":"https://github.com/ossf/package-manager-best-practices","last_synced_at":"2025-04-10T17:31:48.725Z","repository":{"id":38289611,"uuid":"458297764","full_name":"ossf/package-manager-best-practices","owner":"ossf","description":"Collection of security best practices for package managers.","archived":true,"fork":false,"pushed_at":"2022-09-26T06:00:48.000Z","size":92,"stargazers_count":157,"open_issues_count":6,"forks_count":19,"subscribers_count":29,"default_branch":"main","last_synced_at":"2024-08-02T17:38:05.139Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ossf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-11T18:27:14.000Z","updated_at":"2024-07-14T20:38:28.000Z","dependencies_parsed_at":"2022-07-14T03:20:37.610Z","dependency_job_id":null,"html_url":"https://github.com/ossf/package-manager-best-practices","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":"ossf/project-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpackage-manager-best-practices","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpackage-manager-best-practices/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpackage-manager-best-practices/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpackage-manager-best-practices/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ossf","download_url":"https://codeload.github.c
om/ossf/package-manager-best-practices/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223442582,"owners_count":17145802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T17:01:08.570Z","updated_at":"2024-11-07T01:30:25.430Z","avatar_url":"https://github.com/ossf.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# **Package Manager Best Practices**\n\nCollection of security best practices documentation for various package\nmanagers.\n\nA project under the [Best Practices for Open Source Developers\nWG](https://github.com/ossf/wg-best-practices-os-developers).\n\n## **Motivation** / **Objective**\n\nThis project intends to create documents that cover the recommended way to use\nvarious package managers for optimum security.\n\n[Video introduction starts here](https://youtu.be/b7p8U6H2jcI?t=2396)\n\n## **Scope**\n\nDocuments for package managers, such as:\n\n* npm\n* Pip\n* RubyGems\n* etc.\n\n## **Process**\n\nThe procedure for proposing, reviewing, and publishing guideline documents is covered in [process.md](process.md).\n\n# **Get Involved**\n\n*   See [Best Practices for Open Source Developers WG](https://github.com/ossf/wg-best-practices-os-developers) for 
meetings/lists/slack/etc.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fpackage-manager-best-practices","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fossf%2Fpackage-manager-best-practices","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fpackage-manager-best-practices/lists"}