Profile, by @danabra.mov
Profile, by @dansshadow.bsky.social
Profile, by @jimpick.com
AviHandle, by @danabra.mov
AviHandle, by @dansshadow.bsky.social
AviHandle, by @katherine.computer
EventsList, by @katherine.computer
ProfileHeader, by @dansshadow.bsky.social
ProfileHeader, by @danabra.mov
ProfileMedia, by @danabra.mov
ProfilePlays, by @danabra.mov
ProfilePosts, by @danabra.mov
ProfilePosts, by @dansshadow.bsky.social
ProfileReplies, by @danabra.mov
Record, by @atsui.org
Skircle, by @danabra.mov
StreamPlacePlaylist, by @katherine.computer
Profile
Andrew Nesbitt
Working on mapping the world of open source software https://ecosyste.ms and empowering developers with https://octobox.io Mostly posting on https://mastodon.social/@andrewnez
Joint Guidance on Vulnerability Naming and Disclosure: nesbitt.io/2026/06/12/j...
What Happened to tea.xyz nesbitt.io/2026/06/11/w...
I had never really thought about it before, but it turns out that there are a number of package manager related patents: nesbitt.io/2026/06/08/p...
Forms of Open Source Government nesbitt.io/2026/06/09/f...
This Week in Package Management: 6 June 2026 nesbitt.io/2026/06/06/t...
A survey of install-script allowlist mechanisms across package managers and language ecosystems: nesbitt.io/2026/06/05/i...
gittuf - a signed log for git refs nesbitt.io/2026/06/04/g...
Happy to see OSS maintainer burnout in the public discourse—good job Matthew! 'Heath believes governments should invest more in open source' - that she does 😘
I've been working on a jekyll plugin to make it easier to implement @standard.site: github.com/andrew/jekyl...
This Week in Package Management: 6 June 2026 (nesbitt.io): Releases, advisories, and articles from across the package management world
Install-script allowlists (nesbitt.io): A survey of install-script allowlist mechanisms across package managers and language ecosystems.
gittuf - a signed log for git refs (nesbitt.io): Branch protection is a row in someone else’s database
GitHub - andrew/jekyll-standard-site (github.com): Jekyll plugin that emits standard.site verification artifacts