Standard Search
About 105 results
Free as in Tribbles
https://nesbitt.io/2026/05/07/free-as-in-tribbles.html · 7 May 2026
The next metaphor after free-as-in-puppy
open-source dependencies security supply-chain
Revisiting the 2015 Open Source Census
https://nesbitt.io/2026/05/06/revisiting-the-2015-open-source-census.html · 6 May 2026
The riskiest projects in open source, scored a decade early
security open-source
Package Manager Threat Models
https://nesbitt.io/2026/05/05/package-manager-threat-models.html · 5 May 2026
The non-CVE half of package manager security
package-managers security
Package Manager CWEs
https://nesbitt.io/2026/05/04/package-manager-cwes.html · 4 May 2026
Recurring weakness classes in package managers
package-managers security
Patching and forking in package managers
https://nesbitt.io/2026/05/01/patching-and-forking-in-package-managers.html · 1 May 2026
What to do when upstream ghosts you
package-managers security
GitHub Actions is the weakest link
https://nesbitt.io/2026/04/28/github-actions-is-the-weakest-link.html · 28 Apr 2026
Anne Robinson would like a word with .github/workflows
github security package-managers supply-chain
'Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them'
https://stuartbreckenridge.net/2026-04-27-someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/ · 27 Apr 2026
This keeps happening.
wordpress security
The stages of package installation
https://nesbitt.io/2026/04/27/the-stages-of-package-installation.html · 27 Apr 2026
Denial, anger, bargaining, depression, acceptance, postinstall.
package-managers security
brief
https://nesbitt.io/2026/04/21/brief.html · 21 Apr 2026
A knowledge base of project conventions, exposed as a CLI.
tools git-pkgs ai security
The Tuesday Test
https://nesbitt.io/2026/04/15/the-tuesday-test.html · 15 Apr 2026
Like the Turing test but with more tacos.
package-managers homebrew supply-chain security
110310 verified documents in index