GitHub

An effort to provide awesome documentation for the RubyGems ecosystem.

Pick one from the repo issues Port content from help.rubygems.org knowledge base Find lots of StackOverflow/ruby-talk questions and get their common answers in here Fill out more guides! Every guide ...
theregister

RubyGems maintainer quits after Ruby Central takes control of project

A decade-long RubyGems maintainer, Ellen Dash (also known as duckinator), has resigned from Ruby Central following what she described as a "hostile takeover" of the open source project. RubyGems is ...
The Hacker News

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, ...
GitHub

Gems yanked and accounts locked

There are a few select scenarios where a published gem could be yanked and your account can be locked by the rubygems.org team members. creates a backdoor for remote code execution steals sensitive ...
Bleeping Computer

Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby ...
The Hacker News

RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers

RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the ...
heise online

Who owns an open source project? – RubyGems threatens to split

Ruby Central, a non-profit organisation of the Ruby community, seized control of the GitHub repositories and some important gems of the RubyGems and Bundler package ecosystems without warning in ...
GIGAZINE

RubyGems' GitHub Enterprise was renamed to Ruby Central, expelling existing maintainers

Below is a copy and paste of a PDF written by a maintainer named Ellen Dash about the RubyGems controversy, written by a Hacker News user. Ellen, who has been a member of the Ruby community since she ...
Dark Reading

60 RubyGems Packages Steal Data From Annoying Spammers

For two years now, a Korean threat actor has been publishing malicious open source software (OSS) packages designed to steal credentials from spam marketers. Are you tired of shady, throwaway online ...
Bleeping Computer

Check your gems: RubyGems fixes unauthorized package takeover bug

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious ...
Ars Technica

Supply-chain attack hits RubyGems repository with 725 malicious packages

More than 725 malicious packages downloaded thousands of times were recently found populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming ...