Andrew Nesbitt [Unofficial]

Package management and open source metadata expert. Building Ecosyste.ms, open datasets and tools for critical open source infrastructure. 🌉 bridged from 🌐 https://nesbitt.io/: https://fed.brid.gy/web/nesbitt.io

3 followers · 0 following · 19 stories

Longform Stories

Forms of Open Source Government

2d ago·6 min read·1064 words

Package Manager Patents

3d ago·4 min read·626 words

This Week in Package Management: 6 June 2026

5d ago·5 min read·956 words

Install-script allowlists

6d ago·17 min read·3245 words

gittuf - a signed log for git refs

Jun 4·6 min read·1178 words

Skills Registry Threat Models

Jun 3·21 min read·4176 words

The Infosec Phrasebook

Jun 1·2 min read·236 words

This Week in Package Management: 30 May 2026

May 30·5 min read·850 words

Composer’s dependency policies

May 29·7 min read·1244 words

Protestware for coding agents

May 28·4 min read·732 words

Package managers that package package managers

May 28·5 min read·809 words

CHAOSS Metrics in 2026

May 27·12 min read·2217 words

GitHub Actions security in Python packages

May 25·18 min read·3439 words

Signing is for the bad days

May 24·13 min read·2564 words

This Week in Package Management: 23 May 2026

May 23·5 min read·807 words

Dependency Pruning

May 22·9 min read·1734 words

RFC: Artificial Contributors to Open Source

May 21·8 min read·1472 words

Dumb Ways for an Open Source Project to Die

May 19·12 min read·2263 words

Language Registries Are Unstable by Default

May 15·9 min read·1798 words