Patching and forking in package managers
Summary
This piece discusses strategies for handling known vulnerabilities in dependencies when upstream maintainers do not release fixes. It compares system and language package managers, outlines redirecting a dependency to a fork, overriding transitive dependencies, applying patches in place, and substituting packages, and surveys the tooling available across ecosystems. It highlights the ongoing maintenance burden these approaches carry, their implications for lockfiles, and compliance considerations such as SBOMs and the EU Cyber Resilience Act.