View Blog Post

Using Dependabot with AWS CodeCommit

Introduction In the DevSecOps world, maintaining code dependencies is key to acquiring the latest security vulnerability updates, bug fixes, and new features.  While locking down to “known-good” revisions of dependencies may avoid potential bugs and incompatibilities during continuous integration, critical updates could be missed.  Dependabot provides an automated solution to dependency management that can be Read more…

View Blog Post

npm vs Yarn: Part 2

Previously, we covered the release of Yarn, a new package management system designed to fix some of the shortfalls associated with npm.  With improvements in speed, efficiency, readability, and dependency management, Yarn has shown itself to be a worthwhile tool.  In this post, we will put that tool to use and show just how powerful Yarn can be.  Before we can demonstrate its potential, we have to Read more…

View Blog Post

npm vs Yarn

Late last year, a new package management system for Javascript was introduced known as Yarn, designed to replace the deficiencies found in npm. Yarn has been showing up on Twitter and StackOverflow answers, but it isn’t always clear what the benefits and tradeoffs are, which is what this post aims to clear up. Yarn was Read more…