Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ossf/package-manager-best-practices
Collection of security best practices for package managers.
https://github.com/ossf/package-manager-best-practices
Last synced: 7 days ago
JSON representation
Collection of security best practices for package managers.
- Host: GitHub
- URL: https://github.com/ossf/package-manager-best-practices
- Owner: ossf
- License: apache-2.0
- Archived: true
- Created: 2022-02-11T18:27:14.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-09-26T06:00:48.000Z (about 2 years ago)
- Last Synced: 2024-08-02T17:38:05.139Z (3 months ago)
- Size: 89.8 KB
- Stars: 157
- Watchers: 29
- Forks: 19
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# **Package Manager Best Practices**
Collection of security best practices documentation for various package
managers
A project under the [Best Practices for Open Source Developers
WG](https://github.com/ossf/wg-best-practices-os-developers).
## **Motivation** / **Objective**
This project intends to create documents that cover the recommend way to use
various package managers for optimum security.
[Video introduction starts here](https://youtu.be/b7p8U6H2jcI?t=2396)
## **Scope**
Documents for package managers, such as:
* npm
* Pip
* RubyGems
* etc.
## **Process**
The procedure for proposing, reviewing, and publishing guideline documents is covered in [process.md](process.md)
# **Get Involved**
* See [Best Practices for Open Source Developers WG](https://github.com/ossf/wg-best-practices-os-developers) for meetings/lists/slack/etc.