About 15 results
https://nesbitt.io/2026/05/22/dependency-pruning.html · 22 May 2026
A survey of unused-dependency detectors
https://nesbitt.io/2026/05/07/free-as-in-tribbles.html · 7 May 2026
The next metaphor after free-as-in-puppy
https://nesbitt.io/2026/04/06/the-cathedral-and-the-catacombs.html · 6 Apr 2026
Stretching a metaphor deep into the floor.
https://nesbitt.io/2026/02/27/xkcd-2347.html · 27 Feb 2026
An interactive version of the dependency comic.
https://nesbitt.io/2026/02/23/where-do-specifications-fit-in-the-dependency-tree.html · 23 Feb 2026
RFC 9110 is a phantom dependency with thousands of transitive dependents.
https://nesbitt.io/2026/02/10/lockfiles-killed-vendoring.html · 10 Feb 2026
Why almost nobody vendors their dependencies anymore.
https://nesbitt.io/2026/02/06/dependency-resolution-methods.html · 6 Feb 2026
A reference on how package managers solve the version constraint satisfaction problem, from SAT solvers to content-addressed stores.
https://nesbitt.io/2026/01/20/the-lesser-evil-of-compliance.html · 20 Jan 2026
You are not paid to find good options. You are paid to choose.
https://nesbitt.io/2026/01/10/16-best-practices-for-reducing-dependabot-noise.html · 10 Jan 2026
A practical guide to ignoring security updates responsibly
https://nesbitt.io/2026/01/02/how-dependabot-actually-works.html · 2 Jan 2026
Inside dependabot-core's architecture, its reliance on proprietary GitHub infrastructure, and open source alternatives