#package-registry

#package-registry

npmx is about speed and simplicity. It gives you useful data like install size, module format and outdated dependencies ... we're also building social features into npmx because open source is better when it's easier to connect with the people behind the packages.

Chainguard has rebuilt nearly one million unique versions of Java dependencies, including enterprise essentials such as Spring Boot, Jackson, Apache Commons, and Log4j, using the Chainguard Factory, an automated platform for creating software builds based on code originally found in open source software repositories.

Dependabot sounded the alarm on a large scale. Thousands of repositories automatically received pull requests and warnings, including a high vulnerability score and signals about possible compatibility issues. According to Valsorda, this shows that the tool mainly checks whether a dependency is present, without analyzing whether the vulnerable code is actually accessible within a project.

Over the past decade, software development has been shaped by two closely related transformations. One is the rise of devops and continuous integration and continuous delivery (CI/CD), which brought development and operations teams together around automated, incremental software delivery. The other is the shift from monolithic applications to distributed, cloud-native systems built from microservices and containers, typically managed by orchestration platforms such as Kubernetes.

It allows developers to test code, review pull requests, and more, but also exposes them to attacks via repository-defined configuration files, Orca says. "Codespaces is essentially VS Code running in the cloud, backed by Ubuntu containers, with built-in GitHub authentication and repository integration. This means any VS Code feature that touches execution, secrets, or extensions can potentially be abused when attackers control the repository content," the cybersecurity firm notes.

Industry professionals are realizing what's coming next, and it's well captured in a recent LinkedIn thread that says AI is moving on from being just a helper to a full-fledged co-developer - generating code, automating testing, managing whole workflows and even taking charge of every part of the CI/CD pipeline. Put simply, AI is transforming DevOps into a living ecosystem, one driven by close collaboration between human judgment and machine intelligence.

DBmaestro is a database release automation solution that can blend the database delivery process seamlessly into your current DevOps ecosystem with minimal fuss, and without complex installation or maintenance. Its handy database pipeline builder allows you to package, verify, and deploy, and gives you the ability to pre-run the next release in a provisional environment to detect errors early. You get a zero-friction pipeline, which is often not the case with database delivery process.

Almost a quarter of those surveyed said they had experienced a container-related security incident in the past year. The bottleneck is rarely in detecting vulnerabilities, but mainly in what happens next. Weeks or months can pass between the discovery of a problem and the actual implementation of a solution. During that period, applications continued to run with known risks, making organizations vulnerable, reports The Register.

The real cost of poor observability isn't just downtime; it's lost trust, wasted engineering hours, and the strain of constant firefighting. But most teams are still working across fragmented monitoring tools, juggling endless alerts, dashboards, and escalation systems that barely talk to one another, which acts like chaos disguised as control. The result is alert storms without context, slow incident response times, and engineers burned out from reacting instead of improving.

Central to the GA release is Agentic Chat. This functionality builds on the previously introduced Duo Chat but goes a step further by leveraging context from virtually every part of GitLab. Think of issues, merge requests, CI/CD pipelines, and security findings. Agentic Chat can not only advise, but also actually perform actions on behalf of developers, depending on the rights and approvals that have been set.

Giving coding agents full access to all of Ramp's engineering tools is what makes Inspect truly innovative. Instead of only letting agents write basic code, Ramp's system runs in sandboxed virtual machines on Modal. It works seamlessly with databases, CI/CD pipelines, monitoring tools like Sentry and Datadog, feature flags, and communication platforms such as Slack and GitHub. Agents can write code and ensure it works by using the same testing and validation processes that engineers use every day.