欧盟网络安全局（ENISA）：2026年关于安全使用包管理器的技术咨询报告（英文版）

This document focuses on how developers can securely use package managers as part of their software development life cycle. In particular, this document, outlines common risks involved in the use of third-party packages, presents secure practices for selecting, integrating, and monitoring packages and describes approaches for addressing vulnerabilities found in dependencies.