https://vlad.website/binary-dependencies-identifying-the-hidden-packages-we-all-depend-on/
Article
- Explores precompiled binary deps that don’t appear in standard manifest files
- Most ecosystems lack tooling to track binary vs. source dependencies
- Security and reproducibility risk when binaries are opaque and unversioned
Discussion
- Bootstrappable builds project cited as the full solution (build everything from source)
- Nix flakes praised for giving complete dependency lockfiles including native binaries
- Seth Larson’s PyCon talk referenced as related prior art on the Python angle