https://nesbitt.io/2017/02/24/exploring-unseen-open-source-infrastructure.html 2017-02-24T00:00:00+00:00 https://nesbitt.io/2017/11/10/what-does-a-sustainable-open-source-project-look-like.html 2017-11-10T00:00:00+00:00 https://nesbitt.io/2018/11/25/untangle-your-github-notifications-with-octobox.html 2018-11-25T00:00:00+00:00 https://nesbitt.io/2018/11/29/making-24-pull-requests-more-inclusive-for-2018.html 2018-11-29T00:00:00+00:00 https://nesbitt.io/2023/12/21/2023-ecosystems-end-of-year-update.html 2023-12-21T00:00:00+00:00 https://nesbitt.io/2024/06/24/from-zerover-to-semver-a-comprehensive-list-of-versioning-schemes-in-open-source.html 2024-06-24T15:52:00+00:00 https://nesbitt.io/2025/11/13/package-management-papers.html 2025-11-13T12:00:00+00:00 https://nesbitt.io/2025/11/15/package-manager-timeline.html 2025-11-15T12:00:00+00:00 https://nesbitt.io/2025/11/17/podcast-interviews-2025.html 2025-11-17T12:00:00+00:00 https://nesbitt.io/2025/11/26/extending-git-functionality.html 2025-11-26T12:00:00+00:00 https://nesbitt.io/2025/11/27/community-benchmarks-for-ai-coding-tools.html 2025-11-27T12:00:00+00:00 https://nesbitt.io/2025/11/28/revisiting-gitballs.html 2025-11-28T01:00:00+00:00 https://nesbitt.io/2025/11/29/oss-taxonomy.html 2025-11-29T08:00:00+00:00 https://nesbitt.io/2025/11/30/documenting-package-manager-data.html 2025-11-30T12:00:00+00:00 https://nesbitt.io/2025/12/01/promptver.html 2025-12-01T09:00:00+00:00 https://nesbitt.io/2025/12/02/what-is-a-package-manager.html 2025-12-02T10:00:00+00:00 https://nesbitt.io/2025/12/05/package-manager-tradeoffs.html 2025-12-05T10:00:00+00:00 https://nesbitt.io/2025/12/06/github-actions-package-manager.html 2025-12-06T10:00:00+00:00 https://nesbitt.io/2025/12/09/why-im-fascinated-by-package-management.html 2025-12-09T10:00:00+00:00 https://nesbitt.io/2025/12/10/slopsquatting-meets-dependency-confusion.html 2025-12-10T00:00:00+00:00 https://nesbitt.io/2025/12/11/building-ecosytems-polite-api-rate-limits.html 2025-12-11T00:00:00+00:00 https://nesbitt.io/2025/12/14/supply-chain-security-tools-for-ruby.html 2025-12-14T00:00:00+00:00 https://nesbitt.io/2025/12/15/how-i-assess-open-source-libraries.html 2025-12-15T00:00:00+00:00 https://nesbitt.io/2025/12/17/typosquatting-in-package-managers.html 2025-12-17T00:00:00+00:00 https://nesbitt.io/2025/12/18/docker-is-the-lockfile-for-system-packages.html 2025-12-18T10:00:00+00:00 https://nesbitt.io/2025/12/19/why-javascript-needed-docker.html 2025-12-19T10:00:00+00:00 https://nesbitt.io/2025/12/20/fosdem-2026-package-managers-devroom-schedule.html 2025-12-20T12:00:00+00:00 https://nesbitt.io/2025/12/21/federated-package-management.html 2025-12-21T10:00:00+00:00 https://nesbitt.io/2025/12/21/jekyll-stats-plugin.html 2025-12-21T10:37:00+00:00 https://nesbitt.io/2025/12/22/package-registries-are-governance-as-a-service.html 2025-12-22T10:00:00+00:00 https://nesbitt.io/2025/12/23/could-lockfiles-just-be-sboms.html 2025-12-23T10:00:00+00:00 https://nesbitt.io/2025/12/24/package-managers-keep-using-git-as-a-database.html 2025-12-24T10:00:00+00:00 https://nesbitt.io/2025/12/25/cursed-bundler-using-go-get-to-install-ruby-gems.html 2025-12-25T12:00:00+00:00 https://nesbitt.io/2025/12/26/how-uv-got-so-fast.html 2025-12-26T10:00:00+00:00 https://nesbitt.io/2025/12/27/how-to-ruin-all-of-package-management.html 2025-12-27T00:00:00+00:00 https://nesbitt.io/2025/12/28/the-compact-index.html 2025-12-28T10:00:00+00:00 https://nesbitt.io/2025/12/29/categorizing-package-manager-clients.html 2025-12-29T10:00:00+00:00 https://nesbitt.io/2025/12/29/categorizing-package-registries.html 2025-12-29T10:00:00+00:00 https://nesbitt.io/2025/12/30/community-tools-bring-lockfile-support-to-github-actions.html 2025-12-30T10:00:00+00:00 https://nesbitt.io/2025/12/31/open-source-activity-in-2025.html 2025-12-31T10:00:00+00:00 https://nesbitt.io/2026/01/01/git-pkgs-explore-your-dependency-history.html 2026-01-01T10:00:00+00:00 https://nesbitt.io/2026/01/02/how-dependabot-actually-works.html 2026-01-02T10:00:00+00:00 https://nesbitt.io/2026/01/03/the-package-management-landscape.html 2026-01-03T10:00:00+00:00 https://nesbitt.io/2026/01/04/making-git-pkgs-feel-like-git.html 2026-01-04T10:00:00+00:00 https://nesbitt.io/2026/01/05/the-nine-levels-of-javascript-dependency-hell.html 2026-01-05T10:00:00+00:00 https://nesbitt.io/2026/01/08/brew-vulns-cve-scanning-for-homebrew.html 2026-01-08T10:00:00+00:00 https://nesbitt.io/2026/01/09/package-management-blog-posts.html 2026-01-09T10:00:00+00:00 https://nesbitt.io/2026/01/10/16-best-practices-for-reducing-dependabot-noise.html 2026-01-10T10:00:00+00:00 https://nesbitt.io/2026/01/13/package-manager-glossary.html 2026-01-13T00:00:00+00:00 https://nesbitt.io/2026/01/14/package-manager-people.html 2026-01-14T12:00:00+00:00 https://nesbitt.io/2026/01/17/lockfile-format-design-and-tradeoffs.html 2026-01-17T10:00:00+00:00 https://nesbitt.io/2026/01/18/workspaces-and-monorepos-in-package-managers.html 2026-01-18T10:00:00+00:00 https://nesbitt.io/2026/01/19/a-jepsen-test-for-package-managers.html 2026-01-19T10:00:00+00:00 https://nesbitt.io/2026/01/19/importmap-lock.html 2026-01-19T10:00:00+00:00 https://nesbitt.io/2026/01/20/the-lesser-evil-of-compliance.html 2026-01-20T10:00:00+00:00 https://nesbitt.io/2026/01/21/an-ai-skill-for-skeptical-dependency-management.html 2026-01-21T00:00:00+00:00 https://nesbitt.io/2026/01/22/a-protocol-for-package-management.html 2026-01-22T10:00:00+00:00 https://nesbitt.io/2026/01/23/package-management-is-a-wicked-problem.html 2026-01-23T00:00:00+00:00 https://nesbitt.io/2026/01/24/rewriting-git-pkgs-in-go.html 2026-01-24T08:00:00+00:00 https://nesbitt.io/2026/01/25/pkgfed-activitypub-for-package-releases.html 2026-01-25T08:00:00+00:00 https://nesbitt.io/2026/01/26/introducing-package-chaos-monkey.html 2026-01-26T08:00:00+00:00 https://nesbitt.io/2026/01/27/the-c-shaped-hole-in-package-management.html 2026-01-27T10:00:00+00:00 https://nesbitt.io/2026/01/28/the-dependency-layer-in-digital-sovereignty.html 2026-01-28T10:00:00+00:00 https://nesbitt.io/2026/01/29/zig-and-the-mxn-supply-chain-problem.html 2026-01-29T10:00:00+00:00 https://nesbitt.io/2026/01/30/will-ai-make-package-managers-redundant.html 2026-01-30T10:00:00+00:00 https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html 2026-02-03T03:47:00+00:00 https://nesbitt.io/2026/02/04/package-management-at-fosdem-2026.html 2026-02-04T00:00:00+00:00 https://nesbitt.io/2026/02/05/git-magic-files.html 2026-02-05T10:00:00+00:00 https://nesbitt.io/2026/02/06/cratesio-freaky-friday.html 2026-02-06T00:00:00+00:00 https://nesbitt.io/2026/02/06/dependency-resolution-methods.html 2026-02-06T12:00:00+00:00 https://nesbitt.io/2026/02/08/sandwich-bill-of-materials.html 2026-02-08T00:00:00+00:00 https://nesbitt.io/2026/02/09/package-manager-podcast-episodes.html 2026-02-09T10:00:00+00:00 https://nesbitt.io/2026/02/10/lockfiles-killed-vendoring.html 2026-02-10T10:00:00+00:00 https://nesbitt.io/2026/02/11/package-management-consulting.html 2026-02-11T10:00:00+00:00 https://nesbitt.io/2026/02/12/the-many-flavors-of-ignore-files.html 2026-02-12T10:00:00+00:00 https://nesbitt.io/2026/02/13/respectful-open-source.html 2026-02-13T00:00:00+00:00 https://nesbitt.io/2026/02/14/package-management-namespaces.html 2026-02-14T00:00:00+00:00 https://nesbitt.io/2026/02/15/separating-download-from-install-in-docker-builds.html 2026-02-15T00:00:00+00:00 https://nesbitt.io/2026/02/16/changelog.html 2026-02-16T00:00:00+00:00 https://nesbitt.io/2026/02/17/platform-strings.html 2026-02-17T10:00:00+00:00 https://nesbitt.io/2026/02/18/what-package-registries-could-borrow-from-oci.html 2026-02-18T00:00:00+00:00 https://nesbitt.io/2026/02/19/go-modules-for-package-management-tooling.html 2026-02-19T00:00:00+00:00 https://nesbitt.io/2026/02/20/activitypub.html 2026-02-20T00:00:00+00:00 https://nesbitt.io/2026/02/21/whale-fall.html 2026-02-21T00:00:00+00:00 https://nesbitt.io/2026/02/22/forge-specific-repository-folders.html 2026-02-22T10:00:00+00:00 https://nesbitt.io/2026/02/23/where-do-specifications-fit-in-the-dependency-tree.html 2026-02-23T10:00:00+00:00 https://nesbitt.io/2026/02/24/reproducible-builds-in-language-package-managers.html 2026-02-24T10:00:00+00:00 https://nesbitt.io/2026/02/25/two-kinds-of-attestation.html 2026-02-25T00:00:00+00:00 https://nesbitt.io/2026/02/26/git-in-postgres.html 2026-02-26T10:00:00+00:00 https://nesbitt.io/2026/02/27/xkcd-2347.html 2026-02-27T10:00:00+00:00 https://nesbitt.io/2026/02/28/npm-data-subject-access-request.html 2026-02-28T10:00:00+00:00 https://nesbitt.io/2026/03/01/downstream-testing.html 2026-03-01T00:00:00+00:00 https://nesbitt.io/2026/03/02/transitive-trust.html 2026-03-02T10:00:00+00:00 https://nesbitt.io/2026/03/03/package-management-is-naming-all-the-way-down.html 2026-03-03T10:00:00+00:00 https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html 2026-03-04T10:00:00+00:00 https://nesbitt.io/2026/03/05/package-manager-magic-files.html 2026-03-05T10:00:00+00:00 https://nesbitt.io/2026/03/06/gitlocal.html 2026-03-06T10:00:00+00:00 https://nesbitt.io/2026/03/07/announcing-new-working-groups.html 2026-03-07T10:00:00+00:00 https://nesbitt.io/2026/03/08/if-it-quacks-like-a-package-manager.html 2026-03-08T10:00:00+00:00 https://nesbitt.io/2026/03/09/100-posts.html 2026-03-09T10:00:00+00:00 https://nesbitt.io/2026/03/10/just-use-postgres.html 2026-03-10T10:00:00+00:00 https://nesbitt.io/2026/03/11/git-pkgs-actions.html 2026-03-11T10:00:00+00:00 https://nesbitt.io/2026/03/12/reviewing-enisas-package-manager-advisory.html 2026-03-12T10:00:00+00:00 https://nesbitt.io/2026/03/13/forge.html 2026-03-13T10:00:00+00:00 https://nesbitt.io/2026/03/14/whats-going-on-with-fair-package-manager.html 2026-03-14T10:00:00+00:00 https://nesbitt.io/2026/03/15/guided-meditation-for-developers.html 2026-03-15T10:00:00+00:00 https://nesbitt.io/2026/03/18/git-remote-helpers.html 2026-03-18T10:00:00+00:00 https://nesbitt.io/2026/03/19/the-fragmented-world-of-dependency-policy.html 2026-03-19T10:00:00+00:00 https://nesbitt.io/2026/03/20/package-manager-mirroring.html 2026-03-20T10:00:00+00:00 https://nesbitt.io/2026/03/21/how-to-attract-ai-bots-to-your-open-source-project.html 2026-03-21T10:00:00+00:00 https://nesbitt.io/2026/03/25/the-top-10-biggest-conspiracies-in-open-source.html 2026-03-25T10:00:00+00:00 https://nesbitt.io/2026/03/29/the-roles-of-packages.html 2026-03-29T10:00:00+00:00 https://nesbitt.io/2026/03/30/git-diff-drivers.html 2026-03-30T10:00:00+00:00 https://nesbitt.io/2026/03/31/npms-defaults-are-bad.html 2026-03-31T10:00:00+00:00 https://nesbitt.io/2026/04/03/package-manager-easter-eggs.html 2026-04-03T10:00:00+00:00 https://nesbitt.io/about/ https://nesbitt.io/consulting/ https://nesbitt.io/cv/ https://nesbitt.io/git/ https://nesbitt.io/ https://nesbitt.io/oss-is-going-just-great/ https://nesbitt.io/package-managers/ https://nesbitt.io/posts/ https://nesbitt.io/projects/ https://nesbitt.io/search/ https://nesbitt.io/stats.html https://nesbitt.io/2017/ https://nesbitt.io/2017/11/ https://nesbitt.io/2017/02/ https://nesbitt.io/2018/ https://nesbitt.io/2018/11/ https://nesbitt.io/2023/ https://nesbitt.io/2023/12/ https://nesbitt.io/2024/ https://nesbitt.io/2024/06/ https://nesbitt.io/2025/ https://nesbitt.io/2025/12/ https://nesbitt.io/2025/11/ https://nesbitt.io/2026/ https://nesbitt.io/2026/04/ https://nesbitt.io/2026/03/ https://nesbitt.io/2026/02/ https://nesbitt.io/2026/01/ https://nesbitt.io/xkcd-2347/ 2026-04-03T15:53:10+00:00