Blog

The past weeks have shown that we need to take a more active stance to secure the conda-forge ecosystem. An overview of Pixi's new dependency cooldown feature, existing protections like disabled post-install scripts and Trusted Publishing with Sigstore, and plans for a community-driven CVE mapping for conda-forge packages.

AI coding agents use skills — markdown files that teach them domain-specific tasks. We publish ours as conda packages and manage them with pixi, getting versioning, lockfiles, and supply chain security for free.

Two approaches for deploying pixi-managed Python environments to production. The first uses Docker with multi-stage builds and distroless images to shrink containers from 691MB to 209MB. The second introduces pixi-pack, a tool that packages environments into compressed archives for sealed networks or Windows deployments where Docker is not an option.

QuantCo built Quant Ranger, a GitHub bot written in TypeScript that automates maintenance across hundreds of repositories — updating Python project templates, pre-commit hooks, and conda dependency versions. It runs on a configurable schedule via GitHub Actions, uses a plugin architecture for different update types, and solves CI authentication for automated pull requests through GitHub App tokens.

Deploying stuff in a corporate environment can sometimes be challenging due to proxies or firewalls. This article describes how I deployed JetBrains Gateway in a corporate environment with no internet access.

Tired of writing complicated Polars expressions? polarIFy automatically translates your easy-to-read Python methods into efficient Polars expressions!

We present an open source library to shrink pickled scikit-learn and lightgbm models. We will provide insights of how pickling ML models work and how to improve the disk representation. With this approach, we can reduce the deployment size of machine learning applications up to 6x.