EPISODE · Jun 18, 2026 · 8 MIN
How Open Source Projects Handle Dependency Hell
from Open Source with Fexingo: Linux, GitHub, and Community-Driven Software Conversations · host Fexingo
In episode 58 of Open Source with Fexingo, Lucas and Luna tackle one of the messiest problems in open source: dependency hell. They zoom in on the 2018 event-stream fiasco, where a single malicious dependency update compromised thousands of downstream projects. The hosts break down why nested dependencies are so fragile, how tools like npm's lockfile and Python's pip freeze try to fix it, and why the maintainer of a popular left-pad library once unpinned his code and broke the internet. They also explore emerging solutions like supply-chain security frameworks, reproducible builds, and the idea of a 'dependency budget.' If you've ever felt a shudder when running npm install, this episode is for you.
#DependencyHell #OpenSource #SupplyChainSecurity #EventStream #LeftPad #NPM #Python #Lockfile #ReproducibleBuilds #Maintainer #Technology #FexingoBusiness #BusinessPodcast #SoftwareDevelopment #DevOps #Security #Linux #GitHub
Keep every episode free: buymeacoffee.com/fexingo