Ecosyste.ms

@ecosystems
Tools and open datasets to support, sustain, and secure critical digital infrastructure
Homepage: https://ecosyste.ms

Deploying some more aggressive caching to @ecosystems, especially on the html pages as some people are smashing it with headless chrome browsers atm.

Some things may be a bit more stale than before, but can't really be helped on such a small budget.

Announcing git-pkgs, explore the dependency history of your git repositories.

git pkgs init
git pkgs blame
git pkgs history rails
git pkgs diff --from=v2.0
git pkgs stats
git pkgs why rails
git pkgs diff --from=HEAD~10
git pkgs diff --from=main --to=feature

https://nesbitt.io/2026/01/01/git-pkgs-explore-your-dependency-history.html

git-pkgs: explore your dependency history

A git subcommand to explore the dependency history of your repositories.

Andrew Nesbitt

One last coding experiment for 2025: https://github.com/ecosyste-ms/critical a daily updated sqlite database of metadata for the top 10k most used packages from @ecosystems published to github and npm.

You can then use that with https://github.com/ecosyste-ms/mcp a local mcp server for package metadata, it runs instantly for the cached packages and then falls back to querying the ecosyste.ms APIs.

GitHub - ecosyste-ms/critical: A database of metadata for the most critical open source packages, updated daily

Package Managers Devroom at FOSDEM 2026: Schedule Announced: https://blog.ecosyste.ms/2025/12/20/fosdem-2026-package-managers-devroom-schedule.html

Wolf Vollprecht and Andrew Nesbitt are co-organizing the Package Managers devroom at FOSDEM 2026, and the schedule is now live. We have nine talks covering supply chain security, dependency resolution, build reproducibility, and the economics of running package registries.

Ecosystems Blog

The fosdem package manager dev room schedule is now live: https://fosdem.org/2026/schedule/track/package-management/
FOSDEM 2026 - Package Management

Spent more time debugging this than I would have liked, but it's done now, @ecosystems multi-tiered api rate limit config with apisix: https://nesbitt.io/2025/12/11/building-ecosytems-polite-api-rate-limits.html
Building Ecosyste.ms Polite API Rate Limits

Tiered rate limiting that rewards good citizenship: API keys, polite users, and everyone else.

Andrew Nesbitt

The package manager in GitHub Actions might be the worst package manager in use today: https://nesbitt.io/2025/12/06/github-actions-package-manager.html
GitHub Actions Has a Package Manager, and It Might Be the Worst

GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, no transitive pinning

Andrew Nesbitt

What is a package manager? Perhaps quite a few more components than you might think: https://nesbitt.io/2025/12/02/what-is-a-package-manager.html
What is a Package Manager?

Andrew Nesbitt

There's still time to get a proposal in for the package manager dev room at @fosdem 2026, cfp closes end of day 1st December:

https://blog.ecosyste.ms/2025/11/06/fosdem-2026-package-managers-devroom-cfp.html

Call for Participation: Package Managers devroom at FOSDEM 2026

We are excited to announce the Call for Participation for the Package Managers devroom at FOSDEM 2026, taking place on Saturday, 31st January 2026 at the Université libre de Bruxelles, Belgium.

Ecosystems Blog

New on the blog: Documenting Package Manager Data

https://blog.ecosyste.ms/2025/11/17/documenting-package-manager-data.html

Documenting Package Manager Data

Package managers are the quiet workhorses of computing. They make installing software on a machine trivial, but they have their differences, and as recent events have shown, those differences can lead to vulnerabilities and provide opportunities for attackers to disrupt public and private services alike.

Ecosystems Blog