Personal blog built with Jekyll and hosted on GitHub Pages. I write about package management, software supply chain security, and open source infrastructure.

Every awesome list on every topic, including awesome lists of awesome lists, updated daily.

Content for GitHub profile

A Ruby library for parsing, validating, and generating Package URLs (PURLs) as defined by the PURL specification

Converted security rules fromcodeql to semgrep format.

Jekyll plugin that generates site statistics

GitHub action to upgrade version of Ruby in various places to the latest

Detect potential typosquatting packages across package ecosystems

What was the first pull request you sent on GitHub?

Parse, generate, and validate Software Bill of Materials (SBOM)

Storing multiple tarballs in git to save space

A benchmark framework where maintainers define what good AI-generated code looks like for their ecosystem.

Generate and parse SoftWare Hash IDentifiers (SWHIDs)

The State of OSS Funding data: Insights from ecosyste.ms - talk at CHAOSScon North America 2025

Semantic diff for JSON files using JSON Schema metadata

A Sidekiq plugin that provides an MCP (Model Context Protocol) server for LLMs to interact with Sidekiq queues, stats, and failed jobs

An alternative to hanami-assets that doesn't rely on npm

A Ruby gem for parsing, comparing and sorting versions according to the VERS spec.

zizmor analysis of 31,916 github actions using alpha of ecosyste.ms platform