Analysis of 15,000+ top PyPI packages reveals that only 1.58% (238 packages) ship with SBOMs, all of them CycloneDX, with no SPDX adoption at all. The study, enabled by PyPI-TEA (a PEP 770 bridge to the Transparency Exchange API), identified 37 invalid SBOMs, all traced to a single cargo-cyclonedx bug, and highlights the urgent need for improved SBOM adoption in the Python ecosystem.
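The counting and validity checking behind such a survey can be reproduced locally against an installed environment. The script below is an added example, not the study's PyPI-TEA tooling or any project's own code. It assumes the PEP 770 layout, i.e. a repeatable `Sbom-File:` core-metadata field in `<dist>.dist-info/METADATA` whose value is a path relative to the .dist-info directory (conventionally under `sboms/`), and its format checks are a deliberately simplified sanity check (required top-level fields only), not full CycloneDX or SPDX schema validation. The three distributions it scans are constructed in a temporary directory so the example runs offline.

```python
"""Inventory PEP 770 SBOMs shipped by installed Python distributions.

Added example (not the study's PyPI-TEA tooling). Assumes the PEP 770 layout:
a repeatable `Sbom-File:` header in METADATA pointing at a file relative to the
.dist-info directory. The format checks are simplified, not schema validation.
"""
import json
import tempfile
from collections import Counter
from email.parser import Parser
from pathlib import Path


def declared_sboms(dist_info: Path) -> list[Path]:
    """Return the SBOM files a distribution declares via `Sbom-File:` headers."""
    metadata = dist_info / "METADATA"
    if not metadata.is_file():
        return []
    # Core metadata is RFC 822 style, so the stdlib email parser handles it,
    # including the repeated Sbom-File field PEP 770 allows.
    headers = Parser().parsestr(metadata.read_text(encoding="utf-8"), headersonly=True)
    return [dist_info / value.strip() for value in headers.get_all("Sbom-File", [])]


def check_sbom(path: Path) -> dict:
    """Classify one SBOM as CycloneDX or SPDX and flag obvious structural defects."""
    report = {"file": path.name, "format": None, "problems": []}
    try:
        doc = json.loads(path.read_bytes())  # a declared-but-missing file lands here too
    except (OSError, ValueError) as exc:
        report["problems"].append(f"unreadable or not JSON: {exc}")
        return report
    if not isinstance(doc, dict):
        report["problems"].append("top-level JSON value is not an object")
        return report
    if doc.get("bomFormat") == "CycloneDX":
        report["format"] = "CycloneDX"
        # specVersion is required by every CycloneDX JSON schema version.
        if not isinstance(doc.get("specVersion"), str):
            report["problems"].append("CycloneDX document lacks specVersion")
        if not isinstance(doc.get("components", []), list):
            report["problems"].append("components is not a list")
    elif isinstance(doc.get("spdxVersion"), str):
        report["format"] = "SPDX"
        for field in ("SPDXID", "name", "creationInfo"):
            if field not in doc:
                report["problems"].append(f"SPDX document lacks {field}")
    else:
        report["problems"].append("neither bomFormat=CycloneDX nor spdxVersion present")
    return report


def scan_site_packages(root: Path) -> dict:
    """Walk every *.dist-info under `root` and summarise SBOM coverage and validity."""
    summary = {"distributions": 0, "with_sbom": 0, "invalid": 0,
               "formats": Counter(), "details": {}}
    for dist_info in sorted(root.glob("*.dist-info")):
        summary["distributions"] += 1
        reports = [check_sbom(p) for p in declared_sboms(dist_info)]
        summary["details"][dist_info.name] = reports
        if reports:
            summary["with_sbom"] += 1
        for r in reports:
            if r["format"]:
                summary["formats"][r["format"]] += 1
            if r["problems"]:
                summary["invalid"] += 1
    return summary


def build_demo_environment(root: Path) -> None:
    """Constructed sample data: a valid CycloneDX SBOM, a CycloneDX SBOM missing
    its specVersion, and a distribution that ships no SBOM at all."""
    def write_dist(name: str, sbom_files: dict) -> None:
        dist = root / f"{name}-1.0.dist-info"
        (dist / "sboms").mkdir(parents=True)
        lines = ["Metadata-Version: 2.4", f"Name: {name}", "Version: 1.0"]
        for fname, body in sbom_files.items():
            lines.append(f"Sbom-File: sboms/{fname}")
            (dist / "sboms" / fname).write_text(json.dumps(body))
        (dist / "METADATA").write_text("\n".join(lines) + "\n\nDemo package.\n")

    write_dist("goodpkg", {"bom.cdx.json": {
        "bomFormat": "CycloneDX", "specVersion": "1.6",
        "components": [{"type": "library", "name": "libfoo", "version": "2.1"}]}})
    write_dist("badpkg", {"bom.cdx.json": {
        "bomFormat": "CycloneDX", "components": []}})  # specVersion deliberately omitted
    write_dist("nosbom", {})


def demo() -> dict:
    """Run the scan over the constructed environment in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_environment(root)
        summary = scan_site_packages(root)
    summary["formats"] = dict(summary["formats"])
    return summary


if __name__ == "__main__":
    s = demo()
    print(f"{s['with_sbom']}/{s['distributions']} distributions ship an SBOM "
          f"({s['with_sbom'] / s['distributions']:.2%}); formats={s['formats']}; "
          f"invalid={s['invalid']}")
    for dist, reports in s["details"].items():
        for r in reports:
            print(f"  {dist}: {r['file']} format={r['format']} problems={r['problems'] or 'none'}")
```

To run it against a real environment instead of the constructed one, call `scan_site_packages(Path(sysconfig.get_paths()["purelib"]))`. Note that a declared `Sbom-File` whose target is missing from the wheel is reported as invalid rather than silently skipped, since an SBOM that is advertised but not shipped is exactly the kind of defect a survey like this needs to surface.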
Shopify describes performance improvements to Ruby's Bundler and RubyGems, including raising the HTTP connection pool from 1 to 5 connections (237% faster downloads), removing redundant tarball integrity checks, parallelizing git clones (3x faster), and introducing cibuildgem, a tool for publishing precompiled native-extension binaries via GitHub Actions so that bundle install no longer has to compile them locally.