Andrew Nesbitt

Package management and open source metadata expert. Building Ecosyste.ms, open datasets and tools for critical open source infrastructure.

@andrewnez.bsky.social
1 readers, 162 posts, today

Latest
Recent writing
What Happened to tea.xyz
Jun 11, 2026
Reading the tea leaves
package-managers, supply-chain
Forms of Open Source Government
Jun 9, 2026
Open source has more forms of government than countries do.
open-source, maintainers
Package Manager Patents
Jun 8, 2026
A reference list of patents and applications relevant to package manager design, with notes on prior art.
package-managers, history
This Week in Package Management: 6 June 2026
Jun 6, 2026
Releases, advisories, and articles from across the package management world
package-managers, weekly
Install-script allowlists
Jun 5, 2026
A survey of install-script allowlist mechanisms across package managers and language ecosystems.
package-managers, security
gittuf - a signed log for git refs
Jun 4, 2026
Branch protection is a row in someone else's database
git, security
Skills Registry Threat Models
Jun 3, 2026
How long until we see a CVE filed against a markdown file?
security, package-managers
The Infosec Phrasebook
Jun 1, 2026
a/s/l/threat model?
security, satire
This Week in Package Management: 30 May 2026
May 30, 2026
Releases, advisories, and articles from across the package management world
package-managers, weekly
Composer's dependency policies
May 29, 2026
uBlock Origin for composer install
package-managers, security
Protestware for coding agents
May 28, 2026
printMessageForCodingAgents()
supply-chain, security
Package managers that package package managers
May 28, 2026
brew install spack install conda install cargo install uv tool install pip install poetry add pdm add conan
package-managers