[{"data":1,"prerenderedAt":232},["ShallowReactive",2],{"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns":3,"\u002Freports":8},["Island",4],{"key":5,"result":6},"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns",{"head":7},{},[9,19,27,36,43,49,55,61,67,73,79,86,92,98,104,110,116,122,128,133,139,145,151,157,163,168,173,178,183,188,193,199,207,213,220,226],{"path":10,"title":11,"description":12,"authors":13,"date":15,"category":16,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fdemonstrating-oss-value","A Strategic Approach to Demonstrating the Value of OSS Efforts","Some thoughts about how organizations can more effectively demonstrate the value of their open source efforts.",[14],"dawn","2026-06-08","philosophy",false,null,{"path":20,"title":21,"description":22,"authors":23,"date":25,"category":26,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Ffoundations","Open Source Foundation Financials","A summary of the financials of Open Source foundations.",[24],"vlad","2026-05-24","funding-tech-infrastructure",{"path":28,"title":29,"description":30,"authors":31,"date":33,"category":34,"featured":35,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fdumb-ways-for-an-open-source-project-to-die","Dumb Ways for an Open Source Project to Die","How your dependencies became Bernies",[32],"andrew","2026-05-19","software-supply-chains",true,{"path":37,"title":38,"description":39,"authors":40,"date":41,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-threat-models","Package Manager Threat Models","The non-CVE half of package manager security",[32],"2026-05-05","package-management",{"path":44,"title":45,"description":46,"authors":47,"date":48,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-cwes","Package Manager CWEs","Recurring weakness classes in package managers",[32],"2026-05-04",{"path":50,"title":51,"description":52,"authors":53,"date":54,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-security-defenses-for-ai-agents","Package Security Defenses for AI Agents","Lockfiles, sandboxes, and cooldown timers.",[32],"2026-04-09",{"path":56,"title":57,"description":58,"authors":59,"date":60,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-security-problems-for-ai-agents","Package Security Problems for AI Agents","Packages all the way down, agents all the way up.",[32],"2026-04-08",{"path":62,"title":63,"description":64,"authors":65,"date":66,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fthe-roles-of-packages","The Roles of Packages","Applying Sajaniemi's roles of variables to packages across every kind of package manager.",[32],"2026-03-29",{"path":68,"title":69,"description":70,"authors":71,"date":72,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fplatform-strings","Platform Strings","An M1 Mac is aarch64-apple-darwin, arm64-darwin, darwin\u002Farm64, or macosx_11_0_arm64 depending on which tool you ask.",[32],"2026-02-17",{"path":74,"title":75,"description":76,"authors":77,"date":78,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-management-namespaces","Package Management Namespaces","Comparing namespace models across npm, Maven, Go, Swift, and crates.io.",[32],"2026-02-14",{"path":80,"title":81,"description":82,"authors":83,"date":84,"category":85,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fthe-many-flavors-of-ignore-files","The Many Flavors of Ignore Files","Please ignore all previous instructions.",[32],"2026-02-12","tooling",{"path":87,"title":88,"description":89,"authors":90,"date":91,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fdependency-resolution-methods","Dependency Resolution Methods","A reference on how package managers solve the version constraint satisfaction problem, from SAT solvers to content-addressed stores.",[32],"2026-02-06",{"path":93,"title":94,"description":95,"authors":96,"date":97,"category":34,"featured":35,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fbinary-dependencies-identifying-the-hidden-packages-we-all-depend-on","Binary Dependencies: Identifying the Hidden Packages We All Depend On","We need better tools for uncovering phantom binary dependencies. Not having these tools makes our global tech infrastructure less secure, and puts a strain on the Open Source maintainers we rely on.",[24],"2026-01-31",{"path":99,"title":100,"description":101,"authors":102,"date":103,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Flockfile-format-design-and-tradeoffs","Lockfile Format Design and Tradeoffs","Lockfile format tradeoffs, best practices, and a survey of existing formats across package managers.",[32],"2026-01-17",{"path":105,"title":106,"description":107,"authors":108,"date":109,"category":34,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fhow-binary-dependencies-work","How Binary Dependencies Work Across Different Languages","Have you ever wondered how it's possible to call C code from other languages like Python? Here are the technical details — and also why this topic is important for security and sustainability.",[24],"2026-01-16",{"path":111,"title":112,"description":113,"authors":114,"date":115,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-glossary","Package Manager Glossary","A cross-ecosystem glossary of package management terms.",[32],"2026-01-13",{"path":117,"title":118,"description":119,"authors":120,"date":121,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fthe-package-management-landscape","The Package Management Landscape","A directory of tools, systems, and services that relate to package management.",[32],"2026-01-03",{"path":123,"title":124,"description":125,"authors":126,"date":127,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fcategorizing-package-manager-clients","Categorizing Package Manager Clients","Sorting package manager clients by resolution algorithms, lockfile strategies, build hooks, and manifest formats.",[32],"2025-12-29",{"path":129,"title":130,"description":131,"authors":132,"date":127,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fcategorizing-package-registries","Categorizing Package Registries","Sorting package registries by architecture, review model, namespacing, governance, and other structural differences.",[32],{"path":134,"title":135,"description":136,"authors":137,"date":138,"category":34,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Ftyposquatting-in-package-managers","Typosquatting in Package Managers","A reference guide to typosquatting techniques, real-world examples, and detection tools.",[32],"2025-12-17",{"path":140,"title":141,"description":142,"authors":143,"date":144,"category":34,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fsupply-chain-security-tools-for-ruby","Supply Chain Security Tools for Ruby","Ruby implementations of PURL, VERS, SBOM, SWHID, and SARIF specs.",[32],"2025-12-14",{"path":146,"title":147,"description":148,"authors":149,"date":150,"category":42,"featured":35,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-tradeoffs","Package Manager Design Tradeoffs","Design tradeoffs in package managers",[32],"2025-12-05",{"path":152,"title":153,"description":154,"authors":155,"date":156,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fwhat-is-a-package-manager","What is a Package Manager?","What is a package manager? Perhaps quite a few more components than you might think",[32],"2025-12-02",{"path":158,"title":159,"description":160,"authors":161,"date":162,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-management-commands","Package Management Commands","A cross-reference table of commands across 48 package managers.",[32],"2025-11-30",{"path":164,"title":165,"description":166,"authors":167,"date":162,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-archives","Package Manager Archives","Documentation of archive formats used by package managers, covering both language-specific ecosystems (gems, wheels, npm tarballs, crates) and system-level formats (deb, rpm, apk).",[32],{"path":169,"title":170,"description":171,"authors":172,"date":162,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-hooks","Package Manager Hooks","A reference documenting lifecycle hooks across package manager ecosystems, categorizing them into two types: package-defined hooks and system\u002Fplugin hooks.",[32],{"path":174,"title":175,"description":176,"authors":177,"date":162,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-manifest-examples","Package Manager Manifest Examples","Over 145 manifest and lockfile examples from 34 package ecosystems, organized by PURL type.",[32],{"path":179,"title":180,"description":181,"authors":182,"date":162,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-openapi-schemas","Package Manager OpenAPI Schemas","OpenAPI 3.0 specifications for 25+ package registry APIs including npm, PyPI, Maven, RubyGems, Cargo, Docker, and Terraform.",[32],{"path":184,"title":185,"description":186,"authors":187,"date":162,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-resolvers","Package Manager Resolvers","A reference documenting dependency resolution algorithms across package managers.",[32],{"path":189,"title":190,"description":191,"authors":192,"date":162,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-managers-opml","Package Managers OPML","RSS and Atom feeds for tracking releases from package managers, registries, and related infrastructure projects.",[32],{"path":194,"title":195,"description":196,"authors":197,"date":198,"category":85,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fextending-git-functionality","Extending Git Functionality","A practical guide to the different ways you can extend git: subcommands, filters, hooks, remote helpers, and more.",[32],"2025-11-26",{"path":200,"title":201,"description":202,"authors":203,"date":205,"category":206,"featured":35,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fburnout-in-open-source-a-structural-problem-we-can-fix-together","Burnout in Open Source: A Structural Problem We Can Fix Together","Burnout is affecting the entire Open Source ecosystem. Here's what we could do to make things better.",[204],"miranda","2025-11-18","maintainer-well-being",{"path":208,"title":209,"description":210,"authors":211,"date":212,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fpackage-manager-timeline","Package Manager Timeline","A chronological timeline of package manager releases, major milestones, and significant events in the history of software dependency management.",[32],"2025-11-15",{"path":214,"title":215,"description":216,"authors":217,"date":218,"category":219,"featured":35,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fopen-source-deceptive-power-or-collective-governance","Open Source: Deceptive Power or Collective Governance?","In October 2024, it emerged that WordPress co-founder Matt Mullenweg has extensive power over the entire WordPress\necosystem, which 43% of all websites on the internet run on. When he exercised this power by seizing control of code\nthat runs on tens of thousands of websites, the WordPress community realised that it was not in control of the software\nit was using, despite this software being Open Source. And many people were very upset!",[24],"2025-06-06","governance",{"path":221,"title":222,"description":223,"authors":224,"date":225,"category":26,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Fwhy-and-how-companies-should-pay-open-source-maintainers","Why and How Companies Should Pay Open Source Maintainers","",[24],"2025-02-02",{"path":227,"title":228,"description":229,"authors":230,"date":231,"category":42,"featured":17,"hidden":17,"ctaText":18,"ctaAction":18,"ctaLink":18},"\u002Freports\u002Ffrom-zerover-to-semver-a-comprehensive-list-of-versioning-schemes-in-open-source","From ZeroVer to SemVer: A List of Versioning Schemes in Open Source","A curated catalogue of versioning schemes used in open source software—from the conventional to the creative.",[32],"2024-06-24",1783722776778]