Andrew Nesbitt has spent over a decade mapping open source infrastructure. His current project, ecosyste.ms, indexes 12 million packages, 287 million repositories, 24.5 billion dependencies, and 1.9 million maintainers. The dataset is open, and it is already being used to answer hard questions about how software supply chains actually work.

This conversation goes deeper than the numbers. Nesbitt explains what patterns emerge at that scale, who is consuming the data, and what gaps still exist in how the industry understands critical open source dependencies. The discussion around maintainer data alone is worth the runtime.

If you care about software supply chain security, dependency risk, or the economics of open source sustainability, this is primary source material. Nesbitt built libraries.io before ecosyste.ms, so the institutional knowledge here spans a decade of iteration on the same core problem.
