Personal blog built with Jekyll and hosted on GitHub Pages.
I write about package management, software supply chain security, and open source infrastructure. I'm building Ecosyste.ms, a collection of open datasets and tools for understanding and improving critical open source infrastructure.
- The Nine Levels of JavaScript Dependency Hell
- Making git-pkgs feel like Git
- The Package Management Landscape
- How Dependabot Actually Works
- git-pkgs: explore your dependency history
- Open Source Activity in 2025
- Community Tools Bring Lockfile Support to GitHub Actions
- Categorizing Package Manager Clients
- Categorizing Package Registries
- The Compact Index: How Bundler Scales Dependency Resolution
![[email protected]](/andrew/nesbitt.io/blob/master/hire-me%402x.png){kind=link}