Another option is to use a Dependency Firewall, such as Bytesafe, which allows you to quarantine unwanted open source packages with vulnerabilities or non-compliant licenses. The platform provides a policy engine where you define the open source usage and security rules and the Dependency Firewall does the enforcement. - Source: dev.to / over 1 year ago

There are a few companies in this space that are trying to do the "Security Seal of Approval" thing to various degrees. Tidelift is one company that has a bunch of "catalogs"[0] of packages. I'm not sure how their package metadata is generated though -- maybe semi-manually? There is also Bytesafe[1] which is supposed to help give you a way to "firewall" yourself from unapproved dependencies. I don't think they... - Source: Hacker News / almost 2 years ago

I was trying bytesafe.dev recently and it was good for me, as it would stop the npm install of any package that had a security issue. But now that I am out of the free trial, it is to limited for me without paying for an upgraded plan. And their support never replies to my requests. Source: about 2 years ago

These steps will let you get your own private repository using Bytesafe:. - Source: dev.to / over 2 years ago

When using private repositories from Bytesafe, public dependencies will be proxied, pulling any required (and allowed) version into your private Maven repository. Using public repositories like Maven Central as an upstream makes sure you can access your organization's required open source dependencies - while maintaining security and control. - Source: dev.to / over 2 years ago

Knowing you way through CocoaPods was also a useful skill couple of years ago - https://cocoapods.org/. Source: about 1 year ago

You'll also want cocoapods for dependency management on the iOS side. Install it using brew. - Source: dev.to / over 1 year ago

Hi everyone! I need help, and I will pay you half and all at the end. So, I need to make IOS Swift Application in Xcode, my topic is Planer. So it must store data on the server, it should have fun side features, my thought is to add a search bar and enable users to search for a particular task. It should use third-party library (https://cocoapods.org/) and it should have funcionallity to edit and delete taks. UX... Source: over 1 year ago

1., Run pod install first (the CocoaPods Frameworks and Libraries are not included in the repo). - Source: dev.to / over 1 year ago

This is fantastic work by the RubyGems maintainers! One interesting (IMO) aspect of this: there are secondary package ecosystems that piggyback on RubyGems that don't qualify for the 2FA mandate at the moment (since, as user-installed packages, they don't have quite the same volume as an extremely popular library package). The biggest one I can thing of is CocoaPods[1] -- huge swaths of the iOS and macOS... - Source: Hacker News / almost 2 years ago