Package Management - sgml/signature GitHub Wiki

Comparison

Language	Package Manager	Relevant GitHub Issue	Minimum RAM	Disk Cache Requirements
Python	Poetry	Poetry memory usage issue	~512 MB	~100 MB
PHP	Composer	Composer 2 memory usage improvements	~512 MB	~100 MB
Perl	CPAN	CPAN memory usage monitoring	~256 MB	~50 MB
Ruby	RubyGems	RubyGems memory usage discussion	~256 MB	~50 MB
TCL	tcllib	Tcllib memory usage topic	~128 MB	~30 MB
OCaml	OPAM	OPAM memory usage concerns	~256 MB	~50 MB
Erlang	rebar3	Rebar3 memory efficiency issue	~256 MB	~50 MB
JavaScript	pnpm	pnpm memory usage issue	~512 MB	~100 MB

Linux

Nix

nix_package_manager:
  unique_features:
    reproducible_builds: "Ensures identical outputs across machines, crucial for consistent environments."
    atomic_upgrades_and_rollbacks: "Facilitates seamless updates and reversions without disrupting the system."
    multiple_versions_coexisting: "Allows simultaneous usage of different package versions without conflict."
    declarative_configuration: "Enables users to define their system state declaratively, simplifying maintenance."
    isolation_and_sandboxing: "Builds packages in clean, isolated environments for reliable results."

devops_tools_using_s_expressions:
  tools:
    - name: Nix
      description: "Utilizes a declarative language inspired by S-expressions for package definitions and builds."
    - name: Emacs
      description: "Leverages S-expressions extensively for configuration and scripting in workflows, including DevOps."

References

• https://devopedia.org/package-manager
• https://fossies.org/linux/
• https://jfearn.fedorapeople.org/en-US/RPM/4/html/RPM_Guide/ch-advanced-packaging.html

CPAN

• https://metacpan.org/pod/CPAN
• https://support.cs.utah.edu/index.php/misc/22-installing-perl-modules

Yarn / NPM

• https://classic.yarnpkg.com/lang/en/docs/envvars/
• https://yarnpkg.com/getting-started/migration
• https://docs.npmjs.com/cli/v9/using-npm/config#environment-variables
• https://www.npmjs.com/package/npm

Serverless

• https://www.serverless.com/framework/docs/providers/aws/guide/variables
• https://www.serverless.com/framework/docs/environment-variables
• https://www.serverless.com/framework/docs/providers/openwhisk/guide/variables

PIP

• https://pip.pypa.io/en/stable/user_guide/
• https://pip.pypa.io/en/stable/topics/configuration/
• https://www.activestate.com/products/python/pip-tools/pip-install-environment/

Maven

• https://medium.com/codefx-weekly/java-9-maven-compile-errors-module-names-kill-switches-73411c511750

Security

• http://neurocline.github.io/papers/survey-of-programming-language-packaging-systems.html
• https://snyk.io/blog/publishing-malicious-packages/
• https://www.cloudfoundry.org/blog/security-corner-snyk-top-six-vulnerabilities-maven-npm/
• http://manpages.ubuntu.com/manpages/xenial/man3/CPAN.3perl.html
• https://metacpan.org/pod/CPAN
• https://news.ycombinator.com/item?id=8226139
• https://news.ycombinator.com/item?id=11341990
• http://incolumitas.com/2016/06/30/what-other-package-managers-are-vulnerable-to-typosquatting/
• https://github.com/topics/package-manager
• http://www.modulecounts.com
• https://depfu.com/blog/2017/03/22/a-brief-history-of-dependency-management
• https://blackducksoftware.atlassian.net/wiki/spaces/INTDOCS/pages/49131875/Hub+Detect
• https://news.ycombinator.com/item?id=11088125