Projects
-
Ecosyste.ms
Tools and open datasets to support OSS.
-
Octobox
Take back control of your GitHub notifications.
-
24 Pull Requests
Giving back to open source for the holidays.
-
Manifest Podcast
A podcast all about package management.
-
Split
The Rack Based AB testing framework
-
Libraries.io
The Open source Discovery Service.
-
86 Days
Toyota GT86 Track Day Car Rental
-
Trackday.social
Discover upcoming track day events at the UK's premier racing circuits.
-
ARG Performance
GT86 and BRZ mods, maintenance and servicing.
-
First Pull Request
What was your first pull request?
-
node-sass
Node.js bindings to libsass
-
Homebrew Bundle
Bundler for non-ruby dependencies from homebrew-
Could lockfiles just be SBOMs?
Lockfiles and SBOMs record the same information in different formats. What if package managers used SBOMs directly, instead of converting later?
-
Package Registries Are Governance Providers
Registries host files, but they also decide who owns names, how disputes resolve, and what gets removed. That second job is governance.
-
Jekyll Stats Plugin
A Jekyll plugin that adds a stats command to show word counts, reading time, posting frequency, and tag distributions.
-
Federated Package Management and the Zooko Triangle
The trade-offs that make truly decentralized package management impractical
-
Package Managers Devroom at FOSDEM 2026: Schedule Announced
Nine talks on supply chain security, dependency resolution, and registry economics
-
Why JavaScript Needed Docker
How Docker became JavaScript's real lockfile
-
Docker is the Lockfile for System Packages
Why Docker filled the reproducibility gap that system package managers left open
-
Typosquatting in Package Managers
A reference guide to typosquatting techniques, real-world examples, and detection tools.
-
How I Assess Open Source Libraries
What I actually look at when deciding whether to adopt a dependency.
-
Supply Chain Security Tools for Ruby
Ruby implementations of PURL, VERS, SBOM, and SWHID specs.
Podcast Interviews
-
The world of open source metadata with Andrew Nesbitt from ecosyste.ms
Changelog Interviews #665: Building tools and open datasets to support, sustain, and secure critical digital infrastructure
-
Ecosyste.ms with Andrew Nesbitt
Open Source Security: Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more
-
Ben Nickolls & Andrew Nesbitt on Ecosyste.ms
Sustain Episode 270: Exploring ecosyste.ms, a project using open source metadata to guide funding and support key projects
-
Package Metadata Working Group with Andrew Nesbitt and Damián Vicino
CHAOSScast Episode 121: Discussing the formation and objectives of the Package Metadata Working Group within the CHAOSS community
-
Trends from UN OSS Week and OSSNA
CHAOSScast Episode 115: Reflections on UN Open Source Week in New York and CHAOSScon North America
-
Dawn Foster & Andrew Nesbitt at State of Open Con 2023
Sustain Episode 159: Andrew talks about his history with 24 Pull Requests, Libraries.io, and Ecosyste.ms
-
Untangle your GitHub notifications with Octobox
Changelog Interviews #327: How Octobox came to be and why open source maintainers love it
-
24 Pull Requests and Libraries.io
Changelog Interviews #188: A special doubleheader holiday show discussing 24 Pull Requests and Libraries.io
-
Measuring Success in Open Source
Request For Commits #3: Open source metrics and how to interpret data around dependencies and usage
-
Episode 22: Andrew Nesbitt
Bet On Yourself: Creator of Libraries.io, Dependency CI and 24 Pull Requests on solving discoverability and sustainability in open source
Presentations
-
Ecosyste.ms: Exploring Open Source Software Landscapes
Presented at EasyBuild User Meeting in 2025
-
Can my friends come too?
Presented at Brighton Ruby in 2017
-
Elasticsearch on Rails
Presented at South-West Elastic Community Meetup in 2015
-
Robotics 101
Presented at Hackference in 2014
-
Learning how to Tinker
Presented at HybridConf in 2014
-
The Rise of JavaScript Hardware Hacking
Presented at jQuery UK in 2014
-
JavaScript in the Real World
Presented at Full Frontal in 2013
-
The Future of Nodecopter
Presented at LXJS in 2013
-
Turbo Charging your workflow with Node.js
Presented at Webshaped in 2013
-
The Meetup Organisers Field Guide
Presented at Bristol IT Mega Meet in 2013
Videos
-
Panel Discussion: The Impact of Funding
With Georg Link, Dawn Foster & Alyssa Wright at OSS Summit NA 2025
-
Open source funding: you're doing it wrong
With Benjamin Nickolls at FOSDEM 2025
-
Content Addressed Package Management
Presented in 2021
-
Republishing npm dependencies to IPFS as a micro-registry
Presented in 2019
-
With a Little Help from My Friends
Presented at Bath Ruby in 2018
-
Can my friends come too?
Presented at Brighton Ruby in 2017
-
The Rise of JavaScript Hardware Hacking
Presented at jQuery UK in 2014
-
JavaScript in the Real World
Recorded at Full Frontal in 2013
-
The Future of Nodecopter
Recorded at LXJS in 2013
-
Nodecopter
Recorded at Over the Air in 2013