OpenSSF (Open Source Security Foundation), wanda Gidauniyar Linux ta kafa kuma da nufin inganta tsaro na buɗaɗɗen software, ta buga sabon bugu na nazarin ƙidayar jama'a na II, da nufin gano ayyukan buɗaɗɗen tushe waɗanda ke buƙatar tantance tsaro na fifiko. Binciken ya mayar da hankali kan nazarin lambar tushe da aka raba wanda aka yi amfani da shi kai tsaye a cikin ayyukan kasuwanci daban-daban ta hanyar dogaro da aka zazzage daga ma'ajiyar waje.
A sakamakon haka, an shirya jerin jerin fakitin 500 da aka fi amfani da su akai-akai, tsaro da ingancin kulawa wanda ke buƙatar kulawa ta musamman, tunda rauni da daidaitawa na masu haɓaka kayan aikin ɓangare na uku waɗanda ke da hannu cikin aikace-aikacen aikace-aikacen (sarkar samarwa) na iya. ƙin duk ƙoƙarin inganta kariyar babban samfurin. Akwai zaɓuɓɓukan jeri guda 8 gabaɗaya, abubuwan da ke cikin su an jera su dangane da sharuɗɗa daban-daban, kamar isarwa a ma'ajiyar NPM da kasancewar bayanan sigar yayin tantance abubuwan dogaro.
Fakitin JavaScript guda 10 da aka fi amfani da su daga wurin ajiyar NPM, waɗanda aikace-aikace suka zazzage su ba tare da an ɗaure su da sigar ba:
- lodash
- amsa
- axios
- debug
- @babel/core
- bayyana
- semver
- ayyu
- amsa-dom
- jquery
Fakitin Python guda 10 da aka fi amfani da su da aka rarraba ta wurin ajiyar pypi sune:
- shida
- pyaml
- buƙatun
- urllib3
- jinji 2
- Python-dateutil
- click
- idna
- chardet
- markupsafe
Fakitin dogaro da Ruby guda 10 da aka fi amfani da su da aka rarraba ta wurin ajiyar RubyGems sune:
- bouncy-castle-java
- awssdk
- rally-jasmine-core
- uwa-sdk
- nuni
- cscsl
- highcharts-js-rails
- antlr3
- rspec
- asmina
Abubuwan dogaron kunshin Java guda 10 da aka fi amfani da su da aka rarraba ta wurin ajiyar Maven sune:
- org.slf4j:slf4j-api
- com.fasterxml.jackson.core: jackson-databind
- com.google.guava:guwa
- com.fasterxml.jackson.core: jackson-core
- org.springframework: spring-framework-bom
- com.fasterxml.jackson.core: jackson-annotations
- gama-io: gama-io
- juni: juni
- org.apache.commons:commons-lang3
- Commons-codec: na kowa-codec
Fakitin dogaro na NET guda 10 da aka fi amfani da su da aka rarraba ta wurin ajiyar nuget sune:
- json.net
- na zamani
- newtonsoft.json
- castle.core-log4net
- newtonsoft.json
- castle.core-log4net
- freq tsarin dogara
- microsoft.extensions.caching.memory
- microsoft.extensions.dependencyinjection.abstractions
Fakitin abin dogaro guda 10 da aka fi amfani da su don yaren Go sune:
- grpc/grpc-go
- kubernetes/abokin ciniki-tafi
- kubernetes/apimachinery
- kubernetes/api
- mikewa/shaida
- kubernetes/klog
- pkg/ kurakurai
- spf13/kobra
- x/net
- prometheus/abokin ciniki_golang
source: budenet.ru