[{"data":1,"prerenderedAt":1184},["ShallowReactive",2],{"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns":3,"\u002Fideas\u002Fpackage-manager-podcast-episodes":8},["Island",4],{"key":5,"result":6},"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns",{"head":7},{},{"id":9,"title":10,"authors":11,"body":13,"canonicalUrl":1170,"canonicalWebsiteName":1171,"category":1172,"date":1173,"description":1174,"extension":1175,"featured":1176,"fullWidthLayout":1176,"image":1177,"imageAlt":1177,"location":1177,"meta":1178,"metaImage":1177,"navigation":1179,"path":1180,"seo":1181,"stem":1182,"venue":1177,"venueUrl":1177,"__hash__":1183},"ideas\u002Fideas\u002Fpackage-manager-podcast-episodes.md","Package Manager Podcast Episodes",[12],"andrew",{"type":14,"value":15,"toc":1147},"minimark",[16,31,41,46,57,67,77,87,97,107,117,127,137,147,157,167,177,187,197,207,217,227,237,247,257,267,277,287,297,307,317,321,331,341,351,361,371,381,391,401,411,421,431,441,451,461,471,481,485,495,505,515,525,535,545,549,559,569,579,583,593,603,613,623,633,643,647,657,661,671,675,685,695,705,715,725,735,739,749,759,769,773,783,787,797,807,817,821,831,835,845,849,859,863,873,877,887,897,907,917,921,931,941,951,961,971,981,991,1001,1011,1015,1025,1035,1045,1055,1065,1075,1079,1089,1099,1109,1119,1129,1132],[17,18,19,20,25,26,30],"p",{},"Like the ",[21,22,24],"a",{"href":23},"\u002Freports\u002Fpackage-management-blog-posts","blog posts"," and ",[21,27,29],{"href":28},"\u002Freports\u002Fpackage-management-papers","papers"," collections, this is a running list of podcast episodes where people who build and maintain package managers talk about their work. Grouped by ecosystem, with a few cross-cutting episodes at the end.",[17,32,33,34,40],{},"The Manifest (",[21,35,39],{"href":36,"rel":37},"https:\u002F\u002Fmanifest.fm",[38],"nofollow","manifest.fm",") is a podcast dedicated entirely to package management, hosted by Alex Pounds and me. I've listed its episodes under the relevant ecosystems below rather than in a separate section.",[42,43,45],"h2",{"id":44},"javascript-typescript","JavaScript \u002F TypeScript",[17,47,48,56],{},[49,50,51],"strong",{},[21,52,55],{"href":53,"rel":54},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002F052-jsj-node-npm-with-isaac-schlueter",[38],"JavaScript Jabber #052: Node npm"," (Isaac Schlueter, 2013). Early discussion of npm's role in the Node ecosystem, semantic versioning, and module discovery.",[17,58,59,66],{},[49,60,61],{},[21,62,65],{"href":63,"rel":64},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F101",[38],"The Changelog #101: npm Origins and Node.js"," (Isaac Schlueter, 2013). npm's creator on its origins and how to get paid to do open source.",[17,68,69,76],{},[49,70,71],{},[21,72,75],{"href":73,"rel":74},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002F099-jsj-npm-inc-with-isaac-schlueter-laurie-voss-and-rod-boothby",[38],"JavaScript Jabber #099: npm, Inc."," (Isaac Schlueter, Laurie Voss, and Rod Boothby, 2014). The founding of npm, Inc. and turning a community project into a company.",[17,78,79,86],{},[49,80,81],{},[21,82,85],{"href":83,"rel":84},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002F127-jsj-changes-in-npm-land-with-forrest-norvell-rebecca-turner-ben-coe-and-isaac-z-schlueter",[38],"JavaScript Jabber #127: Changes in npm Land"," (Forrest Norvell, Rebecca Turner, Ben Coe, and Isaac Schlueter, 2014). The full npm team on what was changing inside the registry and CLI.",[17,88,89,96],{},[49,90,91],{},[21,92,95],{"href":93,"rel":94},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002F174-jsj-npm-3-with-rebecca-turner-and-forrest-norvell",[38],"JavaScript Jabber #174: npm 3"," (Rebecca Turner and Forrest Norvell, 2015). The npm tech lead on npm 3's changes to dependency tree flattening.",[17,98,99,106],{},[49,100,101],{},[21,102,105],{"href":103,"rel":104},"https:\u002F\u002Fjavascriptair.com\u002Fepisodes\u002F2016-11-02-bonus\u002F",[38],"JavaScript Air #047: Yarn"," (Sebastian McKenzie, Konstantin Raev, Yehuda Katz, and Christoph Pojer, 2016). The original Yarn team explaining why they built it, recorded right after launch.",[17,108,109,116],{},[49,110,111],{},[21,112,115],{"href":113,"rel":114},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002Fjsj-266-npm-5-0-with-rebecca-turner",[38],"JavaScript Jabber #266: npm 5.0"," (Rebecca Turner, 2017). npm 5's lockfile, performance improvements, and the design decisions behind them.",[17,118,119,126],{},[49,120,121],{},[21,122,125],{"href":123,"rel":124},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002Fjsj-294-node-security-with-adam-baldwin",[38],"JavaScript Jabber #294: Node Security"," (Adam Baldwin, 2018). The Node Security Platform, dependency vulnerabilities, and integrating security into npm workflows.",[17,128,129,136],{},[49,130,131],{},[21,132,135],{"href":133,"rel":134},"https:\u002F\u002Fchangelog.com\u002Ffounderstalk\u002F61",[38],"Founders Talk #61: Building npm and Hiring a CEO"," (Isaac Schlueter, 2019). Isaac on the journey of hiring his successor and the business side of running npm.",[17,138,139,146],{},[49,140,141],{},[21,142,145],{"href":143,"rel":144},"https:\u002F\u002Fundefined.fm\u002Fradio\u002Fthe-future-of-javascript-tooling-with-sebastian-mckenzie",[38],"The Undefined Podcast: The Future of JavaScript Tooling"," (Sebastian McKenzie, 2019). The Babel and Yarn creator on open source burnout, working at Facebook, and the Rome project.",[17,148,149,156],{},[49,150,151],{},[21,152,155],{"href":153,"rel":154},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F326",[38],"The Changelog #326: The event-stream compromise"," (Dominic Tarr, 2018). The maintainer whose package was hijacked explains how it happened. The best incident postmortem in podcast form.",[17,158,159,166],{},[49,160,161],{},[21,162,165],{"href":163,"rel":164},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002Fjsj-357-event-stream-package-vulnerabilities-with-richard-feldman-and-hillel-wayne",[38],"JavaScript Jabber #357: event-stream Package Vulnerabilities"," (Richard Feldman and Hillel Wayne, 2019). The event-stream attack from the community's perspective, and whether paying maintainers would improve security.",[17,168,169,176],{},[49,170,171],{},[21,172,175],{"href":173,"rel":174},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F355",[38],"The Changelog #355: The Economics of Open Source"," (CJ Silverio, 2019). npm's former CTO on who owns the JavaScript commons, VC-funded registries, and the Entropic federated alternative.",[17,178,179,186],{},[49,180,181],{},[21,182,185],{"href":183,"rel":184},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002Fjsj-366-npm-with-mikeal-rogers",[38],"JavaScript Jabber #366: npm"," (Mikeal Rogers, 2019). Node.js history, alternate CLIs, Pika, import maps, and where package management was heading.",[17,188,189,196],{},[49,190,191],{},[21,192,195],{"href":193,"rel":194},"https:\u002F\u002Fmanifest.fm\u002F9",[38],"The Manifest #9: Typosquatting"," (Adam Baldwin). Security in npm, typosquatting attacks, and what exploits look like in practice.",[17,198,199,206],{},[49,200,201],{},[21,202,205],{"href":203,"rel":204},"https:\u002F\u002Fpodrocket.logrocket.com\u002Fpnpm",[38],"PodRocket: What makes pnpm performant"," (Zoltan Kochan, 2022). pnpm's creator on its content-addressable store and symlink architecture.",[17,208,209,216],{},[49,210,211],{},[21,212,215],{"href":213,"rel":214},"https:\u002F\u002Fwww.devtools.fm\u002Fepisode\u002F154",[38],"devtools.fm #154: pnpm and the Future of Package Management"," (Zoltan Kochan). How pnpm revolutionized dependency installation in the JavaScript ecosystem.",[17,218,219,226],{},[49,220,221],{},[21,222,225],{"href":223,"rel":224},"https:\u002F\u002Fsoftwareengineeringdaily.com\u002F2025\u002F09\u002F18\u002Fpnpm-with-zoltan-kochan\u002F",[38],"Software Engineering Daily: pnpm"," (Zoltan Kochan, 2025). pnpm's background and where package management in the web is heading.",[17,228,229,236],{},[49,230,231],{},[21,232,235],{"href":233,"rel":234},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F443",[38],"The Changelog #443: Exploring Deno Land"," (Ryan Dahl, 2021). Only Ryan Dahl's second podcast appearance. Covers the full arc from Node regrets to Deno.",[17,238,239,246],{},[49,240,241],{},[21,242,245],{"href":243,"rel":244},"https:\u002F\u002Fsyntax.fm\u002Fshow\u002F737\u002Fjsr-the-new-typescript-package-registry-npm-killer",[38],"Syntax #737: JSR: The New TypeScript Package Registry"," (Luca Casonato, 2024). JSR's design as an ESM-only, TypeScript-first registry that complements npm.",[17,248,249,256],{},[49,250,251],{},[21,252,255],{"href":253,"rel":254},"https:\u002F\u002Fsyntax.fm\u002Fshow\u002F815\u002Fdeno-2-with-ryan-dahl",[38],"Syntax #815: Deno 2"," (Ryan Dahl, 2024). Deno 2's npm package support, web standards, and framework integration.",[17,258,259,266],{},[49,260,261],{},[21,262,265],{"href":263,"rel":264},"https:\u002F\u002Fchangelog.com\u002Fjsparty\u002F282",[38],"JS Party #282: The massive bug at the heart of npm"," (Darcy Clarke, 2023). A deep technical disclosure of an integrity bug in the npm registry.",[17,268,269,276],{},[49,270,271],{},[21,272,275],{"href":273,"rel":274},"https:\u002F\u002Fsyntax.fm\u002Fshow\u002F688\u002Fex-npm-employee-making-a-new-package-manager-vlt-with-darcy-clarke",[38],"Syntax #688: vlt with Darcy Clarke"," (Darcy Clarke). Darcy introduces vlt, a next-generation package manager and registry.",[17,278,279,286],{},[49,280,281],{},[21,282,285],{"href":283,"rel":284},"https:\u002F\u002Fchangelog.com\u002Fjsparty\u002F295",[38],"JS Party #295: Reflecting on Bun's big launch"," (Jarred Sumner, 2023). Bun 1.0, its relationship to Node, and how a VC-backed startup sustains an open source runtime.",[17,288,289,296],{},[49,290,291],{},[21,292,295],{"href":293,"rel":294},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002Fsupply-chain-security-part-1-jsj-524",[38],"JavaScript Jabber #524: Supply Chain Security, Part 1"," (Feross Aboukhadijeh, 2022). Malware trends targeting npm dependencies and how Socket detects them beyond traditional vulnerability scanning.",[17,298,299,306],{},[49,300,301],{},[21,302,305],{"href":303,"rel":304},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fjavascript-jabber\u002Fsupply-chain-security-part-2-jsj-525",[38],"JavaScript Jabber #525: Supply Chain Security, Part 2"," (Feross Aboukhadijeh, 2022). Continued discussion on shifting mindsets around dependencies and understanding dependency lifecycle management.",[17,308,309,316],{},[49,310,311],{},[21,312,315],{"href":313,"rel":314},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F482",[38],"The Changelog #482: Securing the open source supply chain"," (Feross Aboukhadijeh). Socket's launch and the broader problem of npm supply chain security.",[42,318,320],{"id":319},"python","Python",[17,322,323,330],{},[49,324,325],{},[21,326,329],{"href":327,"rel":328},"https:\u002F\u002Fwww.pythonpodcast.com\u002Fepisodepage\u002Fepisode-54-pip-and-the-python-package-authority-with-donald-stufft",[38],"Podcast.__init__ #54: Pip and the Python Package Authority"," (Donald Stufft, 2016). pip and PyPI's primary maintainer on the work involved in keeping them running.",[17,332,333,340],{},[49,334,335],{},[21,336,339],{"href":337,"rel":338},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F64\u002Finside-the-python-package-index",[38],"Talk Python To Me #64: Inside the Python Package Index"," (Donald Stufft, 2016). PyPI handling over 300 TB of traffic per month and the infrastructure behind it.",[17,342,343,350],{},[49,344,345],{},[21,346,349],{"href":347,"rel":348},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F159\u002Finside-the-new-pypi-launch",[38],"Talk Python To Me #159: Inside the new PyPI launch"," (Nicole Harris, Ernest Durbin III, and Dustin Ingram, 2018). The launch of pypi.org replacing the legacy system after 15+ years.",[17,352,353,360],{},[49,354,355],{},[21,356,359],{"href":357,"rel":358},"https:\u002F\u002Fwww.pythonpodcast.com\u002Fepisodepage\u002Fpip-resolver-dependency-management-episode-264",[38],"Podcast.__init__ #264: Dependency Management Improvements in Pip's Resolver"," (Pradyun Gedam, Tzu-ping Chung, and Paul Moore, 2020). The new pip dependency resolver, its design, and the challenge of writing good error messages.",[17,362,363,370],{},[49,364,365],{},[21,366,369],{"href":367,"rel":368},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F377\u002Fpython-packaging-and-pypi-in-2022",[38],"Talk Python To Me #377: Python Packaging and PyPI in 2022"," (Dustin Ingram, 2022). 2FA rollout, securing the supply chain, and the state of PyPI.",[17,372,373,380],{},[49,374,375],{},[21,376,379],{"href":377,"rel":378},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F406\u002Freimagining-pythons-packaging-workflows",[38],"Talk Python To Me #406: Reimagining Python's Packaging Workflows"," (Steve Dower, Pradyun Gedam, Ofek Lev, and Paul Moore, 2023). How the packaging landscape expanded with Poetry, Hatch, PDM, and others.",[17,382,383,390],{},[49,384,385],{},[21,386,389],{"href":387,"rel":388},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F453\u002Fuv-the-next-evolution-in-python-packages",[38],"Talk Python To Me #453: uv - The Next Evolution in Python Packages?"," (Charlie Marsh, 2024). uv's initial launch as a pip replacement.",[17,392,393,400],{},[49,394,395],{},[21,396,399],{"href":397,"rel":398},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F660",[38],"The Changelog #660: Reinventing Python tooling with Rust"," (Charlie Marsh, 2025). Why Python, why Rust, how Astral makes everything fast.",[17,402,403,410],{},[49,404,405],{},[21,406,409],{"href":407,"rel":408},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F476\u002Funified-python-packaging-with-uv",[38],"Talk Python To Me #476: Unified Python packaging with uv"," (Charlie Marsh, 2024). uv's expansion from pip replacement to full project manager.",[17,412,413,420],{},[49,414,415],{},[21,416,419],{"href":417,"rel":418},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F520\u002Fpyx-the-other-side-of-the-uv-coin-announcing-pyx",[38],"Talk Python To Me #520: pyx - the other side of the uv coin"," (Charlie Marsh, 2025). Astral's Python-native package registry and how it complements PyPI.",[17,422,423,430],{},[49,424,425],{},[21,426,429],{"href":427,"rel":428},"https:\u002F\u002Fse-radio.net\u002F2024\u002F06\u002Fse-radio-622-wolf-vollprecht-on-python-tooling-in-rust\u002F",[38],"SE Radio #622: Wolf Vollprecht on Python Tooling in Rust"," (Wolf Vollprecht, 2024). Mamba and Pixi, building Python infrastructure in Rust.",[17,432,433,440],{},[49,434,435],{},[21,436,439],{"href":437,"rel":438},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F439\u002Fpixi-a-fast-package-manager",[38],"Talk Python To Me #439: Pixi, A Fast Package Manager"," (Wolf Vollprecht and Ruben Arts, 2023). Pixi's high-performance package management with full conda compatibility.",[17,442,443,450],{},[49,444,445],{},[21,446,449],{"href":447,"rel":448},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F115\u002Fpython-for-humans-projects",[38],"Talk Python To Me #115: Python for Humans projects"," (Kenneth Reitz, 2017). Requests, pipenv, and the philosophy behind them.",[17,452,453,460],{},[49,454,455],{},[21,456,459],{"href":457,"rel":458},"https:\u002F\u002Fwww.pythonshow.com\u002Fp\u002F41-python-packaging-and-foss-with",[38],"The Python Show #41: Python Packaging and FOSS with Armin Ronacher"," (Armin Ronacher, 2024). The creator of Flask and Rye on the state of Python packaging and open source sustainability.",[17,462,463,470],{},[49,464,465],{},[21,466,469],{"href":467,"rel":468},"https:\u002F\u002Fopensourcesecurity.io\u002F2024\u002F10\u002F20\u002Fepisode-451-python-security-with-seth-larson\u002F",[38],"Open Source Security Podcast: Python security with Seth Larson"," (Seth Larson, 2024). What happens when open source developers are paid to do security work.",[17,472,473,480],{},[49,474,475],{},[21,476,479],{"href":477,"rel":478},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F435\u002Fpypi-security",[38],"Talk Python To Me #435: PyPI Security"," (Mike Fiedler, 2023). PyPI's safety and security engineer on malware detection, trusted publishers, and the 2FA mandate for all publishers.",[42,482,484],{"id":483},"ruby","Ruby",[17,486,487,494],{},[49,488,489],{},[21,490,493],{"href":491,"rel":492},"https:\u002F\u002Fmanifest.fm\u002F3",[38],"The Manifest #3: RubyGems with Andre Arko"," (Andre Arko, 2017). How he became lead maintainer of RubyGems and Bundler, and what led to Ruby Together.",[17,496,497,504],{},[49,498,499],{},[21,500,503],{"href":501,"rel":502},"https:\u002F\u002Ftopenddevs.com\u002Fpodcasts\u002Fruby-rogues\u002F045-rr-bundler-with-andre-arko",[38],"Ruby Rogues #45: Bundler"," (Andre Arko, 2012). Early, in-depth discussion of Bundler's design and purpose.",[17,506,507,514],{},[49,508,509],{},[21,510,513],{"href":511,"rel":512},"https:\u002F\u002Fwww.rooftopruby.com\u002F2108545\u002Fepisodes\u002F13495314",[38],"Rooftop Ruby #23: Head of Open Source at Ruby Central"," (Andre Arko, 2023). His journey to Bundler, how Ruby Together came to be, and continuing that work at Ruby Central.",[17,516,517,524],{},[49,518,519],{},[21,520,523],{"href":521,"rel":522},"https:\u002F\u002Fwww.friendly.show\u002F2278525\u002Fepisodes\u002F13995352",[38],"Friendly Show #5: How we got RubyGems and Bundler"," (Andre Arko, 2023). The full history of RubyGems and Bundler, the cost of maintaining them (~$500k\u002Fmonth), and future plans.",[17,526,527,534],{},[49,528,529],{},[21,530,533],{"href":531,"rel":532},"https:\u002F\u002Fwww.railschangelog.com\u002F19",[38],"The Rails Changelog #19: Exploring RubyGems"," (Jenny Shen). The mechanics of dependency resolution in RubyGems, including compact indexes.",[17,536,537,544],{},[49,538,539],{},[21,540,543],{"href":541,"rel":542},"https:\u002F\u002Fchangelog.com\u002Ffriends\u002F113",[38],"Changelog & Friends #113: The RubyGems Debacle"," (Mike McQuaid and Justin Searls, 2025). The Ruby Central governance controversy, money in open source, and what sustainability means.",[42,546,548],{"id":547},"rust","Rust",[17,550,551,558],{},[49,552,553],{},[21,554,557],{"href":555,"rel":556},"https:\u002F\u002Fmanifest.fm\u002F8",[38],"The Manifest #8: Cargo and Crates.io"," (Carol Nichols, 2017). The features that make Cargo the envy of other package managers, and the sustainability of the Rust ecosystem.",[17,560,561,568],{},[49,562,563],{},[21,564,567],{"href":565,"rel":566},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F151",[38],"The Changelog #151: The Rust Programming Language"," (Steve Klabnik and Yehuda Katz, 2015). Yehuda Katz designed Cargo by rolling up five years of innovation from Bundler, Node, and Go.",[17,570,571,578],{},[49,572,573],{},[21,574,577],{"href":575,"rel":576},"https:\u002F\u002Fopensourcesecurity.io\u002F2025\u002F2025-08-cratesio-trusted-publishing-tobias\u002F",[38],"Open Source Security Podcast: crates.io trusted publishing"," (Tobias Bieniek, 2025). Steps crates.io is taking to enhance supply chain security through trusted publishing.",[42,580,582],{"id":581},"go","Go",[17,584,585,592],{},[49,586,587],{},[21,588,591],{"href":589,"rel":590},"https:\u002F\u002Fmanifest.fm\u002F4",[38],"The Manifest #4: Go dep"," (Sam Boyer, 2017). Package management for Go, SAT-solving, and dependency resolution before Go modules existed.",[17,594,595,602],{},[49,596,597],{},[21,598,601],{"href":599,"rel":600},"https:\u002F\u002Fchangelog.com\u002Fgotime\u002F77",[38],"Go Time #77: Dependencies and the future of Go"," (Russ Cox, 2018). The Go tech lead on the Vgo proposal that became Go modules.",[17,604,605,612],{},[49,606,607],{},[21,608,611],{"href":609,"rel":610},"https:\u002F\u002Fchangelog.com\u002Fgotime\u002F188",[38],"Go Time #188: SIV and the V2+ issue"," (Tim Heckman and Peter Bourgon, 2021). Semantic import versioning and the community friction it caused.",[17,614,615,622],{},[49,616,617],{},[21,618,621],{"href":619,"rel":620},"https:\u002F\u002Fchangelog.com\u002Fgotime\u002F321",[38],"Go Time #321: Dependencies are dangerous"," (panel, 2024). The polyfill.io supply chain attack and Go's \"a little copying is better than a little dependency\" proverb.",[17,624,625,632],{},[49,626,627],{},[21,628,631],{"href":629,"rel":630},"https:\u002F\u002Fchangelog.com\u002Fgotime\u002F86",[38],"Go Time #86: Go modules and the Athens project"," (Marwan Sulaiman and Aaron Schlesinger, 2019). How Go module proxies work, the Athens project, and the transition from GOPATH to modules.",[17,634,635,642],{},[49,636,637],{},[21,638,641],{"href":639,"rel":640},"https:\u002F\u002Fse-radio.net\u002F2021\u002F12\u002Fepisode-489-sam-boyer-on-package-management\u002F",[38],"SE Radio #489: Sam Boyer on Package Management"," (Sam Boyer, 2021). A broad, ecosystem-agnostic discussion of package management as a discipline.",[42,644,646],{"id":645},"php","PHP",[17,648,649,656],{},[49,650,651],{},[21,652,655],{"href":653,"rel":654},"https:\u002F\u002Fmanifest.fm\u002F15",[38],"The Manifest #15: Packagist"," (Nils Adermann, 2019). PHP package management with Composer and Packagist from its co-creator.",[42,658,660],{"id":659},"dart","Dart",[17,662,663,670],{},[49,664,665],{},[21,666,669],{"href":667,"rel":668},"https:\u002F\u002Fmanifest.fm\u002F5",[38],"The Manifest #5: Pub"," (Natalie Weizenbaum, 2017). How Dart's pub works and a new algorithm for better dependency resolution errors, which became PubGrub.",[42,672,674],{"id":673},"java-jvm","Java \u002F JVM",[17,676,677,684],{},[49,678,679],{},[21,680,683],{"href":681,"rel":682},"https:\u002F\u002Fmanifest.fm\u002F6",[38],"The Manifest #6: Maven"," (Brian Fox, 2017). The history of Maven Central, how Minecraft DDoS'd the service, and the future of Java dependency management.",[17,686,687,694],{},[49,688,689],{},[21,690,693],{"href":691,"rel":692},"https:\u002F\u002Fmanifest.fm\u002F12",[38],"The Manifest #12: Clojars"," (Daniel Compton, 2019). Clojars, the Clojure package registry, and its relationship to Maven.",[17,696,697,704],{},[49,698,699],{},[21,700,703],{"href":701,"rel":702},"https:\u002F\u002Fopenssf.org\u002Fpodcast\u002F2024\u002F07\u002F16\u002Fwhats-in-the-soss-podcast-9-sonatypes-brian-fox-and-the-perplexing-phenomenon-of-downloading-known-vulnerabilities\u002F",[38],"OpenSSF \"What's in the SOSS?\" #9: Downloading Known Vulnerabilities"," (Brian Fox, 2024). Why 96% of vulnerable downloads from Maven Central had known fixes available.",[17,706,707,714],{},[49,708,709],{},[21,710,713],{"href":711,"rel":712},"https:\u002F\u002Fchariotsolutions.com\u002Fpodcast\u002Fepisode-53-gradle-creators-hans-dockter-and-adam-murdoch-part-1\u002F",[38],"TechCast #53: Gradle Creators, Part 1"," (Hans Dockter and Adam Murdoch, 2010). Gradle's creators on the build system's design and origins.",[17,716,717,724],{},[49,718,719],{},[21,720,723],{"href":721,"rel":722},"https:\u002F\u002Fchariotsolutions.com\u002Fpodcast\u002Fepisode-54-gradle-creators-hans-dockter-and-adam-murdoch-part-2\u002F",[38],"TechCast #54: Gradle Creators, Part 2"," (Hans Dockter and Adam Murdoch, 2010). Continuation of the Gradle discussion.",[17,726,727,734],{},[49,728,729],{},[21,730,733],{"href":731,"rel":732},"https:\u002F\u002Fse-radio.net\u002F2024\u002F08\u002Fse-radio-628-hans-dockter-on-developer-productivity\u002F",[38],"SE Radio #628: Hans Dockter on Developer Productivity"," (Hans Dockter, 2024). Gradle's creator on developer productivity and build tooling.",[42,736,738],{"id":737},"swift-apple","Swift \u002F Apple",[17,740,741,748],{},[49,742,743],{},[21,744,747],{"href":745,"rel":746},"https:\u002F\u002Fmanifest.fm\u002F2",[38],"The Manifest #2: CocoaPods"," (Orta Therox, 2017). How CocoaPods grew, the arrival of Swift Package Manager, and the Danger project.",[17,750,751,758],{},[49,752,753],{},[21,754,757],{"href":755,"rel":756},"https:\u002F\u002Fwww.swiftbysundell.com\u002Fpodcast\u002F75\u002F",[38],"Swift by Sundell #75: The Swift Package Ecosystem"," (Dave Verwer and Sven A. Schmidt, 2020). The Swift Package Index launch and the state of the Swift package ecosystem.",[17,760,761,768],{},[49,762,763],{},[21,764,767],{"href":765,"rel":766},"https:\u002F\u002Fswiftpackageindexing.transistor.fm\u002Fepisodes\u002F62-whats-the-plan-for-transitioning-cocoapods-into-maintenance-mode",[38],"Swift Package Indexing #62: Transitioning CocoaPods into Maintenance Mode"," (Orta Therox, 2025). CocoaPods' transition to maintenance mode as Swift Package Manager takes over.",[42,770,772],{"id":771},"net",".NET",[17,774,775,782],{},[49,776,777],{},[21,778,781],{"href":779,"rel":780},"https:\u002F\u002Fwww.hanselminutes.com\u002F238\u002Faspnet-mvc-3-rc-and-nuget-package-management-with-phil-haack",[38],"Hanselminutes #238: NuGet Package Management with Phil Haack"," (Phil Haack, 2010). Recorded during PDC week, this is essentially the launch episode for .NET's package manager, back when it was still called NuPack.",[42,784,786],{"id":785},"c-c","C \u002F C++",[17,788,789,796],{},[49,790,791],{},[21,792,795],{"href":793,"rel":794},"https:\u002F\u002Fmanifest.fm\u002F13",[38],"The Manifest #13: Conan"," (Diego Rodriguez-Losada, 2019). Package management problems specific to C\u002FC++ and the road to Conan 1.0.",[17,798,799,806],{},[49,800,801],{},[21,802,805],{"href":803,"rel":804},"https:\u002F\u002Fcppcast.com\u002Fdiego-rodriguez-losada\u002F",[38],"CppCast #56: Conan"," (Diego Rodriguez-Losada, 2016). Early discussion of Conan from its creator.",[17,808,809,816],{},[49,810,811],{},[21,812,815],{"href":813,"rel":814},"https:\u002F\u002Fcppcast.com\u002Frobert-schumacher\u002F",[38],"CppCast #153: Vcpkg"," (Robert Schumacher, 2018). vcpkg's evolution from a Visual Studio migration tool to a cross-platform C\u002FC++ dependency manager.",[42,818,820],{"id":819},"haskell","Haskell",[17,822,823,830],{},[49,824,825],{},[21,826,829],{"href":827,"rel":828},"https:\u002F\u002Fhaskell.foundation\u002Fpodcast\u002F68\u002F",[38],"Haskell Interlude #68: Michael Snoyman"," (Michael Snoyman, 2025). The creator of Stack and Stackage on building a build tool that \"just works\" for Haskell.",[42,832,834],{"id":833},"elm","Elm",[17,836,837,844],{},[49,838,839],{},[21,840,843],{"href":841,"rel":842},"https:\u002F\u002Felm-radio.com\u002Fepisode\u002Fpublishing-packages\u002F",[38],"Elm Radio #5: How (And When) to Publish a Package"," (2020). Elm's enforced semantic versioning, where the compiler diffs package APIs and rejects publishes that break compatibility without a major bump.",[42,846,848],{"id":847},"elixir","Elixir",[17,850,851,858],{},[49,852,853],{},[21,854,857],{"href":855,"rel":856},"https:\u002F\u002Fpodcast.thinkingelixir.com\u002F3",[38],"Thinking Elixir #3: Hex Package Manager"," (Eric Meadows-Jonsson, 2020). Hex's creator on how Elixir's package ecosystem handles versioning and resolution.",[42,860,862],{"id":861},"erlang","Erlang",[17,864,865,872],{},[49,866,867],{},[21,868,871],{"href":869,"rel":870},"https:\u002F\u002Fmostlyerlang.wordpress.com\u002F2015\u002F05\u002F12\u002F067-rebar-3\u002F",[38],"Mostly Erlang #067: Rebar 3"," (Fred Hebert, 2015). Fred Hebert and the panel on rebar3, Erlang's build and dependency management tool.",[42,874,876],{"id":875},"perl","Perl",[17,878,879,886],{},[49,880,881],{},[21,882,885],{"href":883,"rel":884},"https:\u002F\u002Funderbar.cpan.io\u002Fepisodes\u002F3\u002F",[38],"The Underbar #3: MetaCPAN"," (Olaf Alders, Mickey Nasriachi, Shawn Sorichetti, and Graham Knop, 2025). The MetaCPAN team on the project's history and future, recorded at the Perl Toolchain Summit in Leipzig.",[17,888,889,896],{},[49,890,891],{},[21,892,895],{"href":893,"rel":894},"https:\u002F\u002Funderbar.cpan.io\u002Fepisodes\u002F6\u002F",[38],"The Underbar #6: CPAN Testers"," (Doug Bell, Ruth Holloway, Ferenc Erki, and Breno G. de Oliveira, 2025). How CPAN Testers went down, and how a new team formed around its lone remaining maintainer to get things running again.",[17,898,899,906],{},[49,900,901],{},[21,902,905],{"href":903,"rel":904},"https:\u002F\u002Funderbar.cpan.io\u002Fepisodes\u002F7\u002F",[38],"The Underbar #7: CPAN Security Group"," (Salve J. Nilsen, Stig Palmquist, and others, 2025). The CPAN Security Group on supply chain security for Perl's package ecosystem.",[17,908,909,916],{},[49,910,911],{},[21,912,915],{"href":913,"rel":914},"https:\u002F\u002Ftwit.tv\u002Fshows\u002Ffloss-weekly\u002Fepisodes\u002F246",[38],"FLOSS Weekly #246: Pinto"," (Jeffrey Thalhammer, 2013). Custom CPAN-like repositories with Pinto, covering why pinning dependencies matters for reproducible builds.",[42,918,920],{"id":919},"system-package-managers","System package managers",[17,922,923,930],{},[49,924,925],{},[21,926,929],{"href":927,"rel":928},"https:\u002F\u002Fmanifest.fm\u002F1",[38],"The Manifest #1: Homebrew"," (Mike McQuaid, 2017). The lead maintainer on Homebrew's design, how it uses GitHub as a database, and patching upstream.",[17,932,933,940],{},[49,934,935],{},[21,936,939],{"href":937,"rel":938},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F35",[38],"The Changelog #35: Homebrew and OS X Package Management"," (Max Howell, 2010). Early interview with Homebrew's creator about the project's origins.",[17,942,943,950],{},[49,944,945],{},[21,946,949],{"href":947,"rel":948},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F223",[38],"The Changelog #223: Homebrew and Package Management"," (Mike McQuaid, 2016). The 1.0.0 release and growth to almost 6000 unique contributors.",[17,952,953,960],{},[49,954,955],{},[21,956,959],{"href":957,"rel":958},"https:\u002F\u002Fwww.freecodecamp.org\u002Fnews\u002Fthe-most-important-skills-going-forward-with-cto-homebrew-maintainer-mike-mcquaid-podcast-204",[38],"freeCodeCamp Podcast #204: Mike McQuaid"," (Mike McQuaid, 2026). How big open source infrastructure gets built and maintained.",[17,962,963,970],{},[49,964,965],{},[21,966,969],{"href":967,"rel":968},"https:\u002F\u002Fmanifest.fm\u002F14",[38],"The Manifest #14: Debian and Reproducible Builds"," (Chris Lamb, 2019). How package management works in Debian and the Reproducible Builds project.",[17,972,973,980],{},[49,974,975],{},[21,976,979],{"href":977,"rel":978},"https:\u002F\u002Fchangelog.com\u002Fpodcast\u002F437",[38],"The Changelog #437: Into the Nix Ecosystem"," (Domen Kozar, 2021). Nix's origins from Eelco Dolstra's university research, how it works as a \"Swiss Army knife of DevOps,\" and the road ahead.",[17,982,983,990],{},[49,984,985],{},[21,986,989],{"href":987,"rel":988},"https:\u002F\u002Fcreators.spotify.com\u002Fpod\u002Fprofile\u002Fhappypathprogramming\u002Fepisodes\u002F73-Nix---Functional-Programming-for-Software-Packaging-with-Domen-Koar-e1t5onm",[38],"Happy Path Programming #73: Nix - Functional Programming for Software Packaging"," (Domen Kozar, 2023). Nix as functional programming applied to the packaging problem.",[17,992,993,1000],{},[49,994,995],{},[21,996,999],{"href":997,"rel":998},"https:\u002F\u002Fwww.podchaser.com\u002Fpodcasts\u002Ffoss-north-the-pod-4749563\u002Fepisodes\u002Fflatpak-with-alexander-larsson-141124423",[38],"foss-north #33: Flatpak with Alexander Larsson"," (Alexander Larsson, 2021). Flatpak's creator on its design, containers, and Linux desktop application distribution.",[17,1002,1003,1010],{},[49,1004,1005],{},[21,1006,1009],{"href":1007,"rel":1008},"https:\u002F\u002Fcast.postmarketos.org\u002Fepisode\u002F30-Interview-Natanael-Copa-Alpine-Linux\u002F",[38],"postmarketOS Podcast #30: Natanael Copa"," (Natanael Copa, 2023). Alpine Linux's creator on why apk-tools is so fast and planned improvements for future versions.",[42,1012,1014],{"id":1013},"scientific-computing","Scientific computing",[17,1016,1017,1024],{},[49,1018,1019],{},[21,1020,1023],{"href":1021,"rel":1022},"https:\u002F\u002Fmanifest.fm\u002F11",[38],"The Manifest #11: Spack"," (Todd Gamblin). The package manager for supercomputers and the unique challenges of HPC packaging.",[17,1026,1027,1034],{},[49,1028,1029],{},[21,1030,1033],{"href":1031,"rel":1032},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F94\u002Fguarenteed-packages-via-conda-and-conda-forge",[38],"Talk Python To Me #94: Guaranteed Packages via Conda and Conda-Forge"," (Phil Elson, Kale Franz, and Michael Sarahan, 2017). How conda distributes pre-compiled binaries across platforms, conda-forge's community packaging model, and what distinguishes conda from pip.",[17,1036,1037,1044],{},[49,1038,1039],{},[21,1040,1043],{"href":1041,"rel":1042},"https:\u002F\u002Ftalkpython.fm\u002Fepisodes\u002Fshow\u002F198\u002Fcatching-up-with-the-anaconda-distribution",[38],"Talk Python To Me #198: Catching Up with the Anaconda Distribution"," (Peter Wang, 2019). Anaconda's co-founder on conda as a cross-platform package manager, enterprise adoption, and the sustainability challenges of open source infrastructure that millions depend on.",[17,1046,1047,1054],{},[49,1048,1049],{},[21,1050,1053],{"href":1051,"rel":1052},"https:\u002F\u002Fmanifest.fm\u002F16",[38],"The Manifest #16: Conda Forge, Mamba, and Packaging Con"," (Wolf Vollprecht, 2021). Conda-forge, the Mamba solver, and the first Packaging-Con.",[17,1056,1057,1064],{},[49,1058,1059],{},[21,1060,1063],{"href":1061,"rel":1062},"https:\u002F\u002Fwww.rce-cast.com\u002FPodcast\u002Frce-103-easybuild.html",[38],"RCE 103: EasyBuild"," (2016). EasyBuild's approach to managing scientific software builds on HPC systems.",[17,1066,1067,1074],{},[49,1068,1069],{},[21,1070,1073],{"href":1071,"rel":1072},"https:\u002F\u002Fflossforscience.com\u002Fpodcast\u002Fseason-1-episode-12",[38],"FLOSSforScience EP012: EasyBuild"," (Kenneth Hoste, 2018). The problems of installing scientific software on HPC systems and how EasyBuild addresses them.",[42,1076,1078],{"id":1077},"cross-ecosystem","Cross-ecosystem",[17,1080,1081,1088],{},[49,1082,1083],{},[21,1084,1087],{"href":1085,"rel":1086},"https:\u002F\u002Fmanifest.fm\u002F7",[38],"The Manifest #7: The Update Framework"," (Trishank Karthik Kuppusamy). TUF, a security layer for package managers that grew out of the Tor Project. Also covers Uptane for automotive package management.",[17,1090,1091,1098],{},[49,1092,1093],{},[21,1094,1097],{"href":1095,"rel":1096},"https:\u002F\u002Fmanifest.fm\u002F10",[38],"The Manifest #10: Open Source Licensing"," (Kate Stewart). How open source licensing intersects with software packaging, from the SPDX perspective.",[17,1100,1101,1108],{},[49,1102,1103],{},[21,1104,1107],{"href":1105,"rel":1106},"https:\u002F\u002Fopenssf.org\u002Fpodcast\u002F2024\u002F11\u002F26\u002Fwhats-in-the-soss-podcast-20-jack-cable-of-cisa-and-zach-steindler-of-github-dig-into-package-repository-security\u002F",[38],"OpenSSF \"What's in the SOSS?\" #20: Package Repository Security"," (Jack Cable and Zach Steindler, 2024). Trusted Publishing, which started in PyPI and spread to RubyGems and npm.",[17,1110,1111,1118],{},[49,1112,1113],{},[21,1114,1117],{"href":1115,"rel":1116},"https:\u002F\u002Fopenssf.org\u002Fpodcast\u002F2024\u002F12\u002F10\u002Fwhats-in-the-soss-podcast-21-alpha-omegas-michael-winser-and-catalyzing-sustainable-improvements-in-open-source-security\u002F",[38],"OpenSSF \"What's in the SOSS?\" #21: Alpha-Omega"," (Michael Winser, 2024). Securing critical dependency chains one project at a time, the \"fix, fork, or forego\" framework for upstream vulnerabilities, and why human trust beats automated reports.",[17,1120,1121,1128],{},[49,1122,1123],{},[21,1124,1127],{"href":1125,"rel":1126},"https:\u002F\u002Ftwit.tv\u002Fshows\u002Fsecurity-now\u002Fepisodes\u002F807",[38],"Security Now #807: Dependency Confusion"," (Steve Gibson, 2021). A detailed walkthrough of Alex Birsan's dependency confusion research, where uploading packages to public registries matching internal names at Apple, PayPal, and others achieved remote code execution.",[1130,1131],"hr",{},[17,1133,1134,1135,1140,1141,1146],{},"What's missing? There are ecosystems I know less about and episodes I haven't found. ",[21,1136,1139],{"href":1137,"rel":1138},"https:\u002F\u002Fmastodon.social\u002F@andrewnez",[38],"Let me know"," or ",[21,1142,1145],{"href":1143,"rel":1144},"https:\u002F\u002Fgithub.com\u002Fandrew\u002Fnesbitt.io",[38],"open a PR",".",{"title":1148,"searchDepth":1149,"depth":1149,"links":1150},"",2,[1151,1152,1153,1154,1155,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1168,1169],{"id":44,"depth":1149,"text":45},{"id":319,"depth":1149,"text":320},{"id":483,"depth":1149,"text":484},{"id":547,"depth":1149,"text":548},{"id":581,"depth":1149,"text":582},{"id":645,"depth":1149,"text":646},{"id":659,"depth":1149,"text":660},{"id":673,"depth":1149,"text":674},{"id":737,"depth":1149,"text":738},{"id":771,"depth":1149,"text":772},{"id":785,"depth":1149,"text":786},{"id":819,"depth":1149,"text":820},{"id":833,"depth":1149,"text":834},{"id":847,"depth":1149,"text":848},{"id":861,"depth":1149,"text":862},{"id":875,"depth":1149,"text":876},{"id":919,"depth":1149,"text":920},{"id":1013,"depth":1149,"text":1014},{"id":1077,"depth":1149,"text":1078},"https:\u002F\u002Fnesbitt.io\u002F2026\u002F02\u002F09\u002Fpackage-manager-podcast-episodes","nesbitt.io","package-management","2026-02-09","A reference list of podcast episodes about package managers, grouped by ecosystem.","md",false,null,{},true,"\u002Fideas\u002Fpackage-manager-podcast-episodes",{"title":10,"description":1174},"ideas\u002Fpackage-manager-podcast-episodes","pkKa7cTEZjxjI_Gx6CTolg6FMnHYLCHwJgHHRUBwLuc",1780596104497]