Standard Reader

Tag

Package-managers

Every article tagged Package-managers across the Atmosphere.

112articles

Articles

Publications

Andrew NesbittJun 11, 2026

What Happened to tea.xyz

Reading the tea leaves

package-managerssupply-chain

Andrew NesbittJun 8, 2026

Package Manager Patents

A reference list of patents and applications relevant to package manager design, with notes on prior art.

package-managershistory

Andrew NesbittJun 6, 2026

This Week in Package Management: 6 June 2026

Releases, advisories, and articles from across the package management world

package-managersweekly

Andrew NesbittJun 5, 2026

Install-script allowlists

A survey of install-script allowlist mechanisms across package managers and language ecosystems.

package-managerssecurity

Andrew NesbittJun 3, 2026

Skills Registry Threat Models

How long until we see a CVE filed against a markdown file?

securitypackage-managers

Andrew NesbittMay 30, 2026

This Week in Package Management: 30 May 2026

Releases, advisories, and articles from across the package management world

package-managersweekly

Andrew NesbittMay 29, 2026

Composer's dependency policies

uBlock Origin for composer install

package-managerssecurity

Andrew NesbittMay 28, 2026

Package managers that package package managers

brew install spack install conda install cargo install uv tool install pip install poetry add pdm add conan

package-managers

Andrew NesbittMay 24, 2026

Signing is for the bad days

TUF, in-toto, and Sigstore only look pointless while nothing is on fire

supply-chainsecurity

Andrew NesbittMay 23, 2026

This Week in Package Management: 23 May 2026

Releases, advisories, and articles from across the package management world

package-managersweekly

Andrew NesbittMay 22, 2026

Dependency Pruning

A survey of unused-dependency detectors

supply-chaindependencies

Andrew NesbittMay 15, 2026

Language Registries Are Unstable by Default

apt install -t unstable, but make it your whole personality

package-managerssecurity

Andrew NesbittMay 11, 2026

A lightweight multi-ecosystem caching package proxy

package-managerstools

Andrew NesbittMay 10, 2026

Madame Semver Will See You Now

The cards do not lie.

package-managerssatire

Andrew NesbittMay 5, 2026

Package Manager Threat Models

The non-CVE half of package manager security

package-managerssecurity

Andrew NesbittMay 4, 2026

Package Manager CWEs

Recurring weakness classes in package managers

package-managerssecurity

Andrew NesbittMay 2, 2026

A GitHub for maintainers

Giving dependencies the same treatment the fork got

githubpackage-managers

Andrew NesbittMay 1, 2026

Patching and forking in package managers

What to do when upstream ghosts you

package-managerssecurity

Andrew NesbittApr 28, 2026

GitHub Actions is the weakest link

Anne Robinson would like a word with .github/workflows

Andrew NesbittApr 27, 2026

The stages of package installation

Denial, anger, bargaining, depression, acceptance, postinstall.

package-managerssecurity

Andrew NesbittApr 16, 2026

Features everyone should steal from npmx

What happens when users design their own package registry frontend

package-managersnpm

Andrew NesbittApr 15, 2026

The Tuesday Test

Like the Turing test but with more tacos.

package-managershomebrew

Andrew NesbittApr 14, 2026

Standing on the shoulders of Homebrew

Rewriting the easy parts of Homebrew.

package-managershomebrew

Andrew NesbittApr 13, 2026

Common Package Specification

Not the cross-ecosystem format the name suggests.

package-managersmetadata