
Collection of security best practices for package managers.

Apache License 2.0

Package Manager Best Practices

Collection of security best practices documentation for various package managers

A project under the Best Practices for Open Source Developers WG.

Motivation / Objective

This project intends to create documents that cover the recommended way to use various package managers for optimum security.

Video introduction starts here

Scope

Documents for package managers, such as:

  • npm
  • Pip
  • RubyGems
  • etc.

Process

The procedure for proposing, reviewing, and publishing guideline documents is covered in process.md.

Get Involved