RubyConf 2023 - Demystifying the Ruby package ecosystem by Jenny Shen
Demystify the complex Ruby package ecosystem with Jenny Shen, as she dives into the inner workings of Ruby gems, dependencies, and security measures.
- The Ruby gem ecosystem is complex and hard to reason about: it is not obvious which gems are installed, which versions are actually loaded, or where each one came from
- Popular gems have many released versions and deep transitive dependency trees
- RubyGems.org keeps a list of owners (trusted maintainers) for each gem; only they can push new versions of it
- Typosquatting is an attack in which a malicious actor publishes a gem whose name is one typo away from a popular gem, hoping developers install it by mistake
- Bundler is the gem that manages an application's dependencies: `bundle install` resolves and installs the gems declared in the Gemfile, and `bundle exec` runs a command against exactly the versions recorded in the lockfile
- `gem install` installs a single gem directly, optionally at a specific version
- `rake release` (from Bundler's gem tasks) tags the version, builds the gem and pushes it; `gem push` uploads an already built `.gem` file to RubyGems.org
- Bundler fetches version and dependency information from the RubyGems.org compact index rather than downloading every gemspec
- Dependency resolution historically used the Molinillo resolver (rendered as "millennial" in the transcript); Bundler 2.4 replaced it with a PubGrub-based resolver, which decides which version of each gem to install
- Enabling MFA on a RubyGems.org account protects maintainers against account takeover, the route by which malicious versions of legitimate gems get published; typosquatting itself is mitigated by checking gem names and sources before installing
- The Gemfile is a Ruby DSL: the `source` method declares where gems are fetched from and `gem` declares each dependency; Bundler evaluates the file with `instance_eval`, so a Gemfile is executable Ruby code, not a static manifest
- Bundler builds a Definition object from the Gemfile and lockfile to decide what to install, and uses a fetcher to retrieve gem specs from each configured source
- Rails ships its own binstubs (`bin/rails`) rather than relying on the generic ones RubyGems generates
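The points above about the Gemfile being a Ruby DSL run through `instance_eval`, about version requirements, and about typosquatting can be seen in a few dozen lines. The following is an added example written for this page; it is not code from the talk and not Bundler's own implementation (Bundler's real DSL is `Bundler::Dsl`). `MiniGemfile`, `edit_distance`, `suspicious_names`, `unpinned_gems`, the `POPULAR_GEMS` list and both Gemfile strings are assumptions constructed for illustration; `Gem::Requirement` and `Gem::Version` are the real classes from the rubygems library that ships with Ruby.

```ruby
# Added example (not from the talk, and not Bundler's own code): a minimal
# Gemfile-style DSL evaluated with instance_eval, plus two checks a reviewer
# of a dependency manifest would want: unpinned gems (no version requirement)
# and names within one edit of a popular gem (likely typosquats).
# Gem::Requirement / Gem::Version come from the stdlib rubygems library.
require "rubygems"

class MiniGemfile
  attr_reader :sources, :gems

  def initialize
    @sources = []
    @gems = {} # name => Gem::Requirement, in declaration order
  end

  # The same mechanism Bundler's DSL uses: the Gemfile text is evaluated as
  # Ruby with `self` set to this object, so `source` and `gem` are ordinary
  # method calls. It also means a Gemfile is executable code, not data.
  def self.evaluate(contents)
    dsl = new
    dsl.instance_eval(contents, "Gemfile", 1)
    dsl
  end

  def source(url)
    @sources << url
  end

  # No requirements given => Gem::Requirement.default (">= 0").
  def gem(name, *requirements)
    @gems[name] = Gem::Requirement.new(requirements)
  end
end

# Optimal-string-alignment edit distance: insert, delete, substitute and
# transpose adjacent characters each cost 1, so "rpsec" is 1 away from "rspec".
def edit_distance(a, b)
  d = Array.new(a.length + 1) { |i| Array.new(b.length + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) } }
  (1..a.length).each do |i|
    (1..b.length).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.length][b.length]
end

# Constructed list of well-known gem names for this example; a real check
# would take the most-downloaded names from RubyGems.org.
POPULAR_GEMS = %w[rails rack nokogiri rspec puma sidekiq devise].freeze

# Names that are not popular themselves but sit within one edit of a popular gem.
def suspicious_names(names, popular = POPULAR_GEMS)
  names.reject { |n| popular.include?(n) }
       .select { |n| popular.any? { |p| edit_distance(n, p) <= 1 } }
end

# Gems declared with no version constraint at all.
def unpinned_gems(gemfile)
  gemfile.gems.select { |_, req| req == Gem::Requirement.default }.keys
end

# Constructed manifest: one pinned gem, one unpinned gem, one typosquat.
CONSTRUCTED_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails", "~> 7.1"
  gem "nokogiri"
  gem "rpsec"
GEMFILE

# Constructed hostile manifest: because the file is instance_eval'd, any Ruby
# in it runs at evaluation time, not only gem declarations.
CONSTRUCTED_HOSTILE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  ENV["GEMFILE_RAN_CODE"] = "yes"
  gem "rack", "~> 3.0"
GEMFILE

def gemfile_runs_arbitrary_code?
  ENV.delete("GEMFILE_RAN_CODE")
  MiniGemfile.evaluate(CONSTRUCTED_HOSTILE_GEMFILE)
  ENV["GEMFILE_RAN_CODE"] == "yes"
end

if __FILE__ == $PROGRAM_NAME
  gf = MiniGemfile.evaluate(CONSTRUCTED_GEMFILE)
  puts "sources:    #{gf.sources.inspect}"
  puts "unpinned:   #{unpinned_gems(gf).inspect}"
  puts "typosquat?: #{suspicious_names(gf.gems.keys).inspect}"
  puts "rails 7.1.3 satisfies '~> 7.1'? #{gf.gems['rails'].satisfied_by?(Gem::Version.new('7.1.3'))}"
  puts "Gemfile ran arbitrary Ruby? #{gemfile_runs_arbitrary_code?}"
end
```

The hostile manifest is the practical reason `bundle install` on an untrusted repository is equivalent to running its code: the DSL gives the file full Ruby, and the same is true of a gem's own gemspec and extconf. The edit-distance check is deliberately loose (transpositions count as one edit) because transposed letters are the typical typosquat; in a real pipeline the popular-name list would come from RubyGems.org download counts and the check would run before any install.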