April 2026

All posts

Announcing the 2026 Open Source Fantasy Draft

Apr 30, 2026

Twelve teams, snake draft, standard scoring, no salary cap

GitHub Actions is the weakest link

Apr 28, 2026

Anne Robinson would like a word with .github/workflows

The stages of package installation

Apr 27, 2026

Denial, anger, bargaining, depression, acceptance, postinstall.

brief

Apr 21, 2026

A knowledge base of project conventions, exposed as a CLI.

Features everyone should steal from npmx

Apr 16, 2026

What happens when users design their own package registry frontend

The Tuesday Test

Apr 15, 2026

Like the Turing test but with more tacos.

Standing on the shoulders of Homebrew

Apr 14, 2026

Rewriting the easy parts of Homebrew.

Common Package Specification

Apr 13, 2026

Not the cross-ecosystem format the name suggests.

Package Registries and Pagination

Apr 10, 2026

100MB of metadata for 10,451 versions.

Package Security Defenses for AI Agents

Apr 9, 2026

Lockfiles, sandboxes, and cooldown timers.

Package Security Problems for AI Agents

Apr 8, 2026

Packages all the way down, agents all the way up.

Who Built This?

Apr 7, 2026

Tracing a dependency back to its source commit.

The Cathedral and the Catacombs

Apr 6, 2026

Stretching a metaphor deep into the floor.

What does Open Source mean?

Apr 4, 2026

A stack of incompatible expectations.

Package Manager Easter Eggs

Apr 3, 2026

A tour of the easter eggs hiding inside package managers.