Contributions

Article
Hi Ruby Devs 🙌

I once shared an article with y'all here about setting up a local Ruby development environment, but folks were asking - what about setting up Ruby inside a container?

Article
As a new developer in the Ruby ecosystem coming from Node.js and JavaScript, it took a bit of fiddling to figure out how to get a Ruby development environment up and running.

I needed to learn how to properly install Ruby on Mac, and how to do that without messing up the local (old and out of date) Ruby version on macOS.

In this tutorial, you’ll learn how to do both! If you have one of the new M1 Mac laptops, don’t worry, this tutorial also works for installing Ruby on Mac M1.
Article
🙏🏼🚨 Be careful of Gemfile.lock lockfile injection

The Ruby gem installation process allows package maintainers to execute arbitrary code while their gems are being installed as dependencies.

This is a powerful attack surface that can be used in conjunction with a lockfile injection attack against a Ruby application.
Tutorial
I've put together my thoughts and learnings about how dependency management works in Ruby (so many Ruby gems!)

It covers concepts around the Gemfile, Gemfile.lock, bundler, bundler-audit, Snyk, and how they're different.
Article
On March 26, 2019, a malicious version of the popular bootstrap-sass package, which has been downloaded a total of 28 million times to date, was published to the official RubyGems repository. Version 3.2.0.3 includes a stealthy backdoor that gives attackers remote command execution on server-side Rails applications.