
Changelog Interviews: The world of open source metadata
Nov 5, 2025
Andrew Nesbitt, a trailblazer in open source metadata, discusses his journey from creating Libraries.io to building ecosyste.ms, which tracks millions of packages and dependencies. He dives into the significance of package metadata for understanding real-world usage and the challenges of maintaining accurate dependency graphs. Andrew also explores who utilizes this wealth of data, from researchers to maintainers, and the critical role of SBOM enrichment in enhancing security. His insights on sustainability and funding in open source provide a thought-provoking window into the future of digital infrastructure.
AI Snips
Trigger Analysis On Releases And Share Results
- Run targeted analyses on package updates instead of full reprocessing; trigger scans on new releases.
- Publish analysis outputs as public artifacts so researchers can reuse large results without reindexing.
Open Data With Paid Licensing Options
- ecosyste.ms uses a CC BY-SA dataset model and sells alternate licensing for broader commercial use.
- Paying customers covering hosting costs helps keep the data open while funding operations.
SBOM Enrichment Is High Demand
- SBOM enrichment is a major use case: ecosyste.ms maps SBOM package entries to advisories, licenses, and metadata.
- Enrichment helps multi-ecosystem containers and repos be analyzed holistically.
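The enrichment step described in the snip above, as an added worked example (not code from the episode or from ecosyste.ms): a CycloneDX-style SBOM is walked component by component, each package URL is parsed, and a metadata table keyed by ecosystem and package name supplies the license and any advisories whose version range covers the installed version. The SBOM, the metadata table and the advisory ids are all constructed placeholders; in practice the table would be a lookup against a metadata service, and this example handles the two cases a practitioner cares about most: a package the service knows nothing about (reported as unknown rather than silently clean) and an advisory whose range does not cover the installed version.

```python
import itertools
import json
from urllib.parse import unquote

# Constructed CycloneDX-style SBOM fragment with fictional package names.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-pad", "version": "1.1.3",
         "purl": "pkg:npm/example-pad@1.1.3"},
        {"type": "library", "name": "example-http", "version": "2.19.0",
         "purl": "pkg:pypi/example-http@2.19.0"},
        {"type": "library", "name": "unknown-lib", "version": "0.1.0",
         "purl": "pkg:cargo/unknown-lib@0.1.0"},
    ],
}

# Constructed stand-in for a metadata service, keyed by (ecosystem, name).
# Advisory ids are placeholders, not real identifiers.
SAMPLE_METADATA = {
    ("npm", "example-pad"): {"license": "MIT", "advisories": []},
    ("pypi", "example-http"): {
        "license": "Apache-2.0",
        "advisories": [
            # Affects everything below 2.20.0: our 2.19.0 is inside the range.
            {"id": "PLACEHOLDER-ADV-0001", "fixed_in": "2.20.0", "severity": "moderate"},
            # Only the 3.0.x line is affected: our 2.19.0 is outside the range.
            {"id": "PLACEHOLDER-ADV-0002", "introduced": "3.0.0", "fixed_in": "3.0.2"},
        ],
    },
}


def parse_purl(purl):
    """Split 'pkg:type/namespace/name@version' into (ecosystem, name, version).

    Qualifiers ('?...') and subpaths ('#...') are dropped; the namespace stays
    part of the name, and percent-encoding (e.g. %40 for '@') is decoded.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a package URL: {purl}")
    body = purl[len("pkg:"):].split("?", 1)[0].split("#", 1)[0]
    ecosystem, _, rest = body.partition("/")
    name_part, _, version = rest.rpartition("@")
    if not name_part:  # no '@' at all: rpartition left everything in 'version'
        name_part, version = version, None
    return ecosystem.lower(), unquote(name_part), version


def version_key(version):
    """Crude dotted-numeric ordering: leading digits of each segment, rest ignored."""
    key = []
    for seg in version.split("."):
        digits = "".join(itertools.takewhile(str.isdigit, seg))
        key.append(int(digits) if digits else 0)
    return tuple(key)


def is_affected(version, advisory):
    """True when the installed version falls inside the advisory's range."""
    if version is None:
        return True  # no version in the SBOM: flag conservatively
    v = version_key(version)
    introduced = advisory.get("introduced")
    if introduced and v < version_key(introduced):
        return False
    fixed = advisory.get("fixed_in")
    return fixed is None or v < version_key(fixed)


def enrich_sbom(sbom, metadata):
    """Attach license and matching advisory ids to every component of the SBOM."""
    enriched = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            enriched.append({"name": comp.get("name"), "status": "no-purl"})
            continue
        ecosystem, name, version = parse_purl(purl)
        entry = metadata.get((ecosystem, name))
        if entry is None:
            # Distinguish "nothing known" from "known and clean".
            enriched.append({"purl": purl, "license": None,
                             "advisories": [], "status": "unknown"})
            continue
        hits = [a["id"] for a in entry["advisories"] if is_affected(version, a)]
        enriched.append({"purl": purl, "license": entry["license"],
                         "advisories": hits,
                         "status": "affected" if hits else "clean"})
    return enriched


def summarize(enriched):
    """Count components per status so a reviewer sees the unknowns at a glance."""
    counts = {}
    for row in enriched:
        counts[row["status"]] = counts.get(row["status"], 0) + 1
    return counts


if __name__ == "__main__":
    rows = enrich_sbom(SAMPLE_SBOM, SAMPLE_METADATA)
    print(json.dumps(rows, indent=2))
    print(summarize(rows))
```

Keeping "unknown" separate from "clean" is the design choice worth copying: a component the metadata service has never indexed tells you nothing about its risk, and collapsing it into the clean bucket is how enriched reports end up quietly optimistic.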
