Safeguard
Tag

dependency-management

Safeguard articles tagged "dependency-management" — guides, analysis, and best practices for software supply chain and application security.

129 articles

Buyer's Guides

Dependabot Alternatives in 2026: An Honest Buyer's Guide

An honest guide to Dependabot alternatives in 2026 — Renovate, Snyk, Socket, Endor Labs, Mend, and Safeguard — covering dependency updates, reachability analysis, malicious-package detection, and software supply chain security.

Jun 2, 20267 min read
Open Source Security

10 npm security best practices

Real npm supply-chain incidents from event-stream to the 2025 chalk/debug hack, and 10 concrete practices to stop install-time attacks, typosquatting, and token theft.

May 28, 20267 min read
Application Security

Python security best practices cheat sheet

A no-fluff cheat sheet of concrete Python security fixes—dependency pinning, pickle/eval risks, PyPI trust signals, and CI gates—with real CVEs and commands.

May 28, 20261 min read
Application Security

Better Ruby Gemfile security: a step-by-step guide

A step-by-step guide to auditing your Gemfile.lock, spotting RubyGems supply chain attacks, and locking down Ruby dependencies before they ship.

May 27, 20267 min read
Application Security

6 Angular security best practices cheat sheet

A six-part cheat sheet on Angular security: sanitizer limits, AngularJS EOL, dependency risk, token storage, CSP nonces, and library auditing.

May 26, 20267 min read
Application Security

10 Spring Boot security best practices

Ten concrete Spring Boot security practices, with real CVEs, config flags, and file paths, to close the gaps attackers actually exploit.

May 25, 20267 min read
Application Security

Fixing vulnerabilities in Maven projects

Maven vulnerability remediation isn't just running mvn versions:use-latest — here's how to triage, patch, and verify fixes without breaking builds.

May 22, 20266 min read
Application Security

Fixing vulnerabilities in Gradle projects

Gradle's resolved dependency graph rarely matches build.gradle. Here's how to find, force-fix, and lock vulnerable transitive dependencies for good.

May 22, 20266 min read
Application Security

The ultimate guide to creating a secure Python package

A concrete, numbers-first guide to locking dependencies, signing releases, and scanning for CVEs when building a secure Python package.

May 22, 20266 min read
Application Security

.NET and NuGet dependency vulnerability management

NuGet packages have delivered RATs, crypto stealers, and undisclosed data collection to .NET teams. Here's how to detect and defend against .NET/NuGet supply chain risk.

May 20, 20267 min read
Buyer's Guides

Socket.dev vs Dependabot: beyond automated dependency upd...

Dependabot patches known CVEs; Socket.dev flags risky package behavior. Neither enforces policy or ties risk to your actual build and runtime footprint — here's where Safeguard fits.

May 11, 20267 min read
Product

npm/package health and quality scoring methodology

How npm package health scores are calculated, why Socket.dev's model misses live supply chain attacks, and what Safeguard checks instead.

May 8, 20267 min read
dependency-management (Page 3) — Safeguard Blog