Former Java engineer turned Ruby engineer who is trying to understand Ruby and Rails, MacOS and a lot of other things. Worked at Flywheel, FNBO, ACI Worldwide.
Good question Archit, and I think this is a good callout. This post was really about the roadmap announcement rather than any real-time monitoring work.
For what it's worth on the ecosystem side: RubyGems.org exposes activity endpoints (/api/v1/activity/just_updated.json and /latest.json) plus the public /releases page, but those are pull-based rather than a true firehose. I'm not aware of an official stream, and I don't see maintainer-pattern correlation called out on the public roadmap specifically, though "security tooling" is listed as longer-term work. That kind of "first publish from a new maintainer" alert feels like the sort of thing worth adding on the GitHub project board if it's not already there.
There are some commercial supply-chain scanners (Socket, Phylum) that do some of this today, but having it surfaced publicly by the registry would be a different level of signal, and would be a good thing.
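Added example, not part of the original comment and not RubyGems.org code: a sketch of how a poller over the pull-based activity endpoint could deduplicate releases and flag a new version whose gem has gained an owner since the last release seen. The payload field names, the owner handles (as would be fetched from /api/v1/gems/NAME/owners.json) and all sample data are constructed assumptions, and the owner set at poll time only approximates who actually pushed.

```ruby
require "json"
require "set"

# Constructed sample data: two successive polls of just_updated.json, reduced
# to the fields used here (field names are assumptions about the payload).
POLL_1 = JSON.parse(<<~JSON)
  [{"name": "example-gem", "version": "1.4.0", "sha": "aaa1"},
   {"name": "other-gem",   "version": "0.2.1", "sha": "bbb1"}]
JSON
POLL_2 = JSON.parse(<<~JSON)
  [{"name": "example-gem", "version": "1.4.1", "sha": "aaa2"},
   {"name": "example-gem", "version": "1.4.0", "sha": "aaa1"},
   {"name": "other-gem",   "version": "0.2.2", "sha": "bbb2"}]
JSON

# Constructed owner handles per gem, as observed at the time of each poll.
OWNERS_1 = { "example-gem" => ["alice"], "other-gem" => ["bob"] }.freeze
OWNERS_2 = { "example-gem" => ["alice", "carol"], "other-gem" => ["bob"] }.freeze

# Hypothetical helper: turns repeated pulls into a deduplicated release feed
# and alerts when a release coincides with an owner not seen before.
class ReleaseWatcher
  def initialize
    @seen = Set.new     # [name, version, sha] tuples already processed
    @known_owners = {}  # gem name => Set of handles seen on earlier releases
  end

  # entries: parsed poll response; owners_by_gem: gem name => array of handles.
  # Returns one alert hash per newly seen release that has an unseen owner.
  def ingest(entries, owners_by_gem)
    alerts = []
    entries.each do |e|
      # Polls overlap, so skip releases already handled (add? is nil on repeat).
      next unless @seen.add?([e["name"], e["version"], e["sha"]])

      current  = Set.new(owners_by_gem.fetch(e["name"], []))
      baseline = @known_owners[e["name"]]
      added    = baseline ? current - baseline : Set.new
      # The first sighting of a gem only sets the baseline; it cannot alert.
      unless added.empty?
        alerts << { gem: e["name"], version: e["version"],
                    new_owners: added.to_a.sort }
      end
      @known_owners[e["name"]] = (baseline || Set.new) | current
    end
    alerts
  end
end
```

Because the source is polled, releases that scroll out of the response between two pulls are never seen, so the poll interval bounds what this can detect.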