The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
GIGAZINE

RubyGems' GitHub Enterprise was renamed to Ruby Central, expelling existing maintainers

Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user. Ellen, who has been a member of the Ruby community since she ...
GIGAZINE

Investigation reveals Shopify manipulated Ruby Central to force takeover of Bundler and RubyGems

Ruby Central, a non-profit organization that manages a package management system for Ruby, has expelled the maintainer of a related system called RubyGems, sparking controversy over a 'takeover.' A ...
Hosted on MSN

RubyGems maintainer quits after Ruby Central takes control of project

A decade-long RubyGems maintainer, Ellen Dash (also known as duckinator), has resigned from Ruby Central following what she described as a "hostile takeover" of the open source project.… RubyGems is ...
Bleeping Computer

Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets. Rust crates are distributed ...
TheServerSide

Full GitHub Actions environment variables list for YAML build workflow scripts example

Community driven content discussing all aspects of software development from DevOps to design patterns. If a developer wants to build a workflow, shell script or build job of any merit, they’ll need ...