dependency management
17 articles tagged dependency-management.
-
What version constraints actually look like across real Terraform estates
A version constraint feels like a fact about what's running. It's a record of what the author allowed. I measured how that plays out across four real Terraform estates.
-
You changed the shared CI template. Half the org got it instantly. The other half will never see it.
A shared CI change is not a release. It is two deployments at once: instant to the pipelines tracking your branch, silent to the ones pinned to a tag. You hold the roster for neither.
-
You deprecated the internal library. The repos still using it never saw the warning.
A deprecation warning only reaches consumers who recompile, and the repos that pinned the old version go quiet. Deprecating an internal library is a census problem.
-
How to Find Every Consumer of Your Internal Python Package
You maintain an internal Python package and a breaking change is coming. Which repos depend on it, at which version — and why pip, PyPI and your private index all answer the wrong question.
-
How to Find Every Consumer of Your Internal npm Package
You maintain an internal npm package and a breaking change is coming. Which repos depend on it, at which version — and why npm answers this for public packages but not for your scoped ones.
-
How to Find Every Consumer of Your GitLab CI Template
You maintain a shared GitLab CI template. Which projects include it, at which ref — and what breaks when you merge? Why GitLab can't tell you, and what can.
-
Backstage alternatives in 2026: first ask why you wanted Backstage
Every "Backstage alternatives" roundup lists the same five portals. None of them asks the question that decides which alternative is right: what job sent you looking in the first place?
-
The catalog maintenance trap: why service catalogs go stale
Backstage and the developer-portal category solve a real problem. The reason platform teams quietly abandon them is something different, and it points at the shape of what actually works.
-
AI Doesn't Understand Blast Radius: Why Change Failure Rates Are Up 30%
AI coding tools optimise for local correctness, but production breaks at the edges of the cross-repo dependency graph they can't see. A look at the 2025–2026 data — Cortex, DORA, CodeRabbit, and Amazon's own high-blast-radius memo — and what to put between the agent and main.
-
How to Find Every Consumer of Your Go Module
You maintain an internal Go module. A breaking API change is coming. Which repos across your org import it — and at which version? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Helm Chart
You maintain a shared Helm chart. A breaking value rename or API version bump is coming. Which deployments across your org depend on it — and at which version? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Reusable GitHub Actions Workflow
You maintain a shared GitHub Actions workflow. You need to rename an input, drop a step, or change a required secret. Which repos across your org call it — and at which ref? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Terraform Module
When you need to make a breaking change to a shared Terraform module, which repos are affected? Here's why the answer is harder than it should be.
-
How to Find Every Consumer of Your Docker Base Image
When a CVE hits your Docker base image, which repos are affected? Here's why the answer is harder than it should be, and what a real solution requires.
-
The State of Infrastructure Dependency Tooling in 2026
An honest survey of the infrastructure dependency tooling landscape in 2026 — what Backstage, Renovate, HCP Terraform Explorer, Nx, Wiz, and DIY scripts each solve, where they fall short, and the gap that none of them fill.
-
Auto-Discovering Infrastructure Dependencies Across 10 Ecosystems
A technical deep-dive into auto-discovering cross-repo dependencies across Terraform, Docker, CI pipelines, Python, Go, npm, Ansible, Helm, Kubernetes, and Kustomize — and why each ecosystem fights back.
-
The Infrastructure Dependency Problem No One Has Solved
Why every platform team eventually builds the same brittle script, and why it keeps breaking. A deep look at cross-repo dependency visibility — the infrastructure problem hiding in plain sight.