Version Badge for NPM Modules
Since the original announcement two months ago, hundreds of package owners have installed the Version Badge, helping thousands of developers every day to quickly identify and find the installable package associated with a Github repo or a project webpage. Among many others, some notable projects are Devise, CanCan, Celluloid, and Slim.
Today, we are happy to introduce Version Badge for NPM modules.
Unleash the Fury.io
Over the course of the last few months, we have been carefully extending Gemfury for multi-user and multi-language use. Today, we would like to announce two big changes to the way you download and install your packages.
RubyGems.org Vulnerability Explained
After evaluating Gemfury’s processing of RubyGems, we feel it is important to share our understanding and bring awareness to possible security issues when parsing untrusted YAML input.
On January 30, 2013, the community package server RubyGems.org was compromised with a rogue code execution vulnerability. The all-volunteer team sprung to action and in the following 53 hours yanked the expoit, patched the vulnerability, verified all the existing gems, and migrated the service to AWS. As of today, the service has been restored and deemed safe for use.
Important: This vulnerability came from misuse of a standard YAML library and might not be specific to just RubyGems.org. Many applications depend on this library and are potentially vulnerable to a similar exploit if exposed to untrusted YAML input — please take this opportunity to audit and secure your own applications.
Gemfury Dev Center →
If you enjoy using Gemfury, you already know the benefits of DRY, encapsulation, and modularizing your code. However, building a new Gem is still not as easy as sticking a stray file or two into ./lib.
Today, we’re opening the Gemfury Dev Center as the best place to learn about packaging code. As we read countless blog posts, emails, and raw code, we will continue to extract some of the most precious tips, tricks, and other gems (haha, get it?) to share with you.
HTTPS: Is your URL string secure over SSL?
This article has been moved to the Gemfury Dev Center
Source: devcenter.gemfury.com
