If you've been paying attention to the security space over the last couple of years, you've probably noticed a trend. Supply chain attacks are everywhere. They affect everyone: that tiny utility package buried deep in your dependency tree, giant companies with teams of engineers, solo maintainers, and everyone in between.

I've been thinking about this a lot recently, partly because we went through the exercise of hardening our own repos at Velopack, and partly because some of the attacks that surfaced recently are genuinely terrifying. I wanted to talk about what's been happening, why it matters, and what you can actually do about it.

In the last year we've seen a shift in react-router and @tanstack-router towards the idea of a "Data Router" or "Loader" which allows you to strongly tie your data fetching directly to your router. There are some benefits and drawbacks to this approach, but overall if it's done well it can result in a very measurable improvement to user experience.

Due to .app bundles on OSX requiring me to preserve internal symlinks in Velopack, I've had to work on a cross-platform and cross-framework implementation for handling symlinks.

If you're only targeting .NET 6 and higher, you can stop reading here - because there's already great support in the framework via FileSystemInfo.LinkTarget, Directory.CreateSymbolicLink and other built-in methods.

If you need to target the Full .Net Framework, then read on...

In the world of software development, crafting the application is only half the battle. The other half? Getting your hard work onto the devices of users, which, let me tell you, is easier said than done. For those of us who have wrestled with the tangled web of software distribution, the headaches are all too familiar. It's like you're expected to be a jack-of-all-trades, mastering not one, not two, but a myriad of update frameworks and installers, each as diverse as the platforms and languages they cater to.

There are plenty of great options available for static site documentation generators, I wouldn't even bother trying to name them all.

The journey to find one that would work for Velopack was painful and took a few tries.