March 2026
Package Manager Magic Files
Package manager magic files and where to find them: .npmrc, MANIFEST.in, Directory.Packages.props, .pnpmfile.cjs, and more.
Package Managers Need to Cool Down
A survey of dependency cooldown support across package managers and update tools.
Package Management is Naming All the Way Down
There are two hard problems in computer science, and package managers found at least eight of them.
Transitive Trust
You trust your maintainers, who trust their maintainers, but do they trust their maintainers' maintainers?
Downstream Testing
Most library maintainers have no way to test against their dependents before releasing.