Andrew Nesbitt

@andrewnez
1.3K Followers
700 Following
2.1K Posts
Package Management Nerd, working on mapping the world of open source software https://ecosyste.ms and blogging about package managers at https://nesbitt.io
GitHub: https://github.com/andrew
Twitter: https://twitter.com/teabass
Homepage: https://nesbitt.io
bsky: https://bsky.app/profile/andrewnez.bsky.social
Andrew Nesbitt
This is a new (and unwanted) one:
Package Manager Easter Eggs

A tour of the easter eggs hiding inside package managers.

Andrew Nesbitt

My talk “Ruby on Guard (Rails)” from Haggis Ruby 2024 is now on YouTube.

Weird watching in hindsight when I was very much pre-AI.

If anything, AI only makes the guardrails more important and valuable.

https://www.youtube.com/watch?v=KgjFrEtMadQ

Mike McQuaid - Ruby on Guard (Rails)


RE: https://fosstodon.org/@pypi/116335453780319113

There is a ton in this report, like how @pypi is able to respond so quickly to malware thanks to our network of trusted reporters and how to keep yourself secure both as a maintainer and user of Python packages.

PSF Security developers have published incident reports on the LiteLLM & Telnyx #supplychain attacks. Read what happened, who's affected, and what developers & maintainers can do to prepare and protect themselves from future incidents. #security #python
https://blog.pypi.org/posts/2026-04-02-incident-report-litellm-telnyx-supply-chain-attack/
Incident Report: LiteLLM/Telnyx supply-chain attacks, with guidance - The Python Package Index Blog

Python Package Index shares insights and provides guidance following LiteLLM/Telnyx supply-chain attacks

@andrewnez I guess that given the standard for JS is mostly terrible code, and that's what's gone into the training data, then the outputted JS is statistically likely to be mostly terrible code.
People are talking about how the leaked Claude Code release has terrible code; it looks pretty standard for the closed-source JavaScript applications I've seen, vibe coded or not!
Oh wow, that's a lot of CVEs in the latest release of rack: https://github.com/rack/rack/blob/main/CHANGELOG.md#security
rack/CHANGELOG.md at main · rack/rack

A modular Ruby web server interface. Contribute to rack/rack development by creating an account on GitHub.
