What approaches are being used in the management of Open Source libraries like java script and python? We have managed the JS side for a while, but Python is adding additional layers of complexity in terms of: version management, dependency alignment, license compliance, vulnerability identification and mitigation and given the numbers of components - automation is critical. Some libraries have been rolled into internal framework.

1.5k views1 Upvote2 Comments

Sort by:

Engineer in Consumer Goods6 months ago

If your project relies on open-source libraries—whether distributed via NPM for JavaScript, PyPi for Python, Cargo for Rust, or other package managers—we utilize internal repositories like Nexus to manage them (you may want to use GitHub registries or other artefact storage solutions). These repositories serve both as a place to publish private libraries and, when necessary, to host forks of critical open-source dependencies (making them internal). There should be no distinction among private, external and open-source libraries; all dependencies must be stored within controlled boundaries and managed by your development team.

Sr Software Principal engineer (Gen AI and ML Security) in Hardware6 months ago

Sounds like you need to borrow some DevOps practices to manage! Maintaining a central repo and establish some guidance could help but it does with an overhead (resources).

Content you might like

How can Agentic AI contribute in middleware technologies (API Gateway, Service Bus and Event brokers) mainly in integration automations, observability, and security?

I’m currently evaluating the Nice Actimize Integrated Fraud Management platform and would appreciate any feedback from users. How has it worked for you, and would you recommend it?

On what scale would you say has your company experienced an impact from executive orders and decreases in US government spending?

Significant22%

Noticeable/Meaningful36%

Minimal33%

Zero9%

View Results

In light of recent challenges related to managing context when using LLMs (https://research.trychroma.com/context-rot), how is the approach of using LLMs for extracting deeper insights evolving?

How likely do you think it is that a four day work week will become the standard over the next 12 months?

Inevitable3%

Highly likely14%

Somewhat likely16%

Somewhat unlikely19%

Very unlikely41%

Impossible6%

View Results

Sort by:

Content you might like

How can Agentic AI contribute in middleware technologies (API Gateway, Service Bus and Event brokers) mainly in integration automations, observability, and security?

I’m currently evaluating the Nice Actimize Integrated Fraud Management platform and would appreciate any feedback from users. How has it worked for you, and would you recommend it?

On what scale would you say has your company experienced an impact from executive orders and decreases in US government spending?

In light of recent challenges related to managing context when using LLMs (https://research.trychroma.com/context-rot), how is the approach of using LLMs for extracting deeper insights evolving?

How likely do you think it is that a four day work week will become the standard over the next 12 months?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

How to develop top customer journeys using VoC data

Preparing For Shifting Data Privacy Laws: Data Leader Perspective

Hyperautomation: Are You Automating Your Business?

The CIO and CEO Relationship: CIO Perspective

Take Your Insights On-the-Go