https://nesbitt.io/2026/03/02/transitive-trust.html · 2 Mar 2026
You trust your maintainers, who trust their maintainers, but do they trust their maintainers' maintainers?
https://nesbitt.io/2026/03/01/downstream-testing.html · 1 Mar 2026
Most library maintainers have no way to test against their dependents before releasing.
https://nesbitt.io/2026/02/28/npm-data-subject-access-request.html · 28 Feb 2026
A response to a GDPR data subject access request.
https://nesbitt.io/2026/02/24/reproducible-builds-in-language-package-managers.html · 24 Feb 2026
Verifying that a published package was actually built from the source it claims.
https://nesbitt.io/2026/02/23/where-do-specifications-fit-in-the-dependency-tree.html · 23 Feb 2026
RFC 9110 is a phantom dependency with thousands of transitive dependents.
https://nesbitt.io/2026/02/19/go-modules-for-package-management-tooling.html · 19 Feb 2026
The Go modules behind git-pkgs, rebuilt from my Ruby supply chain libraries.
https://nesbitt.io/2026/02/18/what-package-registries-could-borrow-from-oci.html · 18 Feb 2026
OCI's storage primitives applied to package management.
https://nesbitt.io/2026/02/17/platform-strings.html · 17 Feb 2026
An M1 Mac is aarch64-apple-darwin, arm64-darwin, darwin/arm64, or macosx_11_0_arm64 depending on which tool you ask.
https://nesbitt.io/2026/02/16/changelog.html · 16 Feb 2026
All notable changes to the math module will be documented in this file.
https://nesbitt.io/2026/02/15/separating-download-from-install-in-docker-builds.html · 15 Feb 2026
Most package managers could separate download from install for better Docker layer caching.