
Package Manager People

People who built, maintain, or research package managers. Tool creators, registry operators, resolver authors, and the academics studying how it all works.

Tool creators and practitioners

André Arko - Bundler maintainer. Founded Ruby Together.

Adam Baldwin - npm security, npm audit. Founded Node Security Project.

Shlomi Ben-Haim - JFrog co-founder, Artifactory.

Tobias Bieniek - crates.io lead maintainer.

Ian Bicking - pip, virtualenv (2007-2008).

Jordi Boggiano & Nils Adermann - Composer (2011). Also run Packagist.

Nate Bosch - pub.dev, Dart package tooling.

Sam Boyer - "So you want to write a package manager" post. Built dep for Go.

Brett Cannon - Python core. Led lockfile PEP effort.

Tzu-ping Chung - pip maintainer.

Matthias Clasen - Flatpak.

Duncan Coutts - cabal-install, Haskell solver.

Nick Coghlan - Python packaging PEPs, PyPA governance.

Daniel Compton - Clojars maintainer.

Ludovic Courtès - GNU Guix (2012). Co-maintains GNU Guile.

Russ Cox - Go modules, minimum version selection. Version SAT proof.

Alex Crichton - Cargo, crates.io.

Evan Czaplicki - Elm package manager.

L. Peter Deutsch - Solaris pkgadd, SVR4 package format.

Jeff Dickey - mise (2023).

Hans Dockter & Adam Murdoch - Gradle (2008).

Eelco Dolstra - Nix (2003-2006).

Ernest W. Durbin III - PyPI infrastructure.

Eloy Durán & Fabio Pelosin - CocoaPods (2011).

John Ericson - Nix contributor.

Sébastien Eustace - Poetry (2018).

Brian Fox - Sonatype co-founder, Maven Central, Nexus Repository.

Fabrice Fontaine - Buildroot.

Chad Fowler, Jim Weirich, David Alan Black, Paul Brannan, Richard Kilmer - RubyGems (2004).

Kale Franz - conda.

Samuel Giddins - Bundler, Molinillo resolver, RubyGems.org.

Todd Gamblin - Spack (2013).

Pradyun Gedam - pip maintainer.

Jason Gunthorpe - APT (1998).

Phil Hagelberg - Leiningen (2010).

Jarkko Hietaniemi & Andreas König - CPAN (1995). König also wrote PAUSE.

Eric Hodel - RubyGems security, signing.

Kenneth Hoste - EasyBuild (2012), HPC software build framework.

Max Howell - Homebrew (2009).

Jordan Hubbard - FreeBSD Ports (1993), pkg_install.

Eric Huss - Cargo.

Dustin Ingram - PyPI, Warehouse.

Ian Jackson - Rewrote dpkg in C (1994).

Yehuda Katz & Carl Lerche - Bundler (2010), Cargo (2014).

Stefan Karpinski - Julia package manager.

Robert Kern - conda co-creator.

Zoltan Kochan - pnpm (2017).

Domen Kožar - Cachix, Nix ecosystem tooling.

Alex Larsson - Flatpak (2015).

Seth Larson - PSF Security Developer-in-Residence. SBOMs, dependency cooldowns.

Xavier Leroy - OPAM co-creator, OCaml.

Kim Lewandowski - SLSA co-founder.

Mark Lodato - SLSA spec lead.

Kat Marchán - npm CLI lead, Arborist, workspaces.

Charlie Marsh - Ruff (2022), uv (2024).

Mike McQuaid - Homebrew lead maintainer since 2013.

Allan McRae - pacman maintainer.

Eric Meadows-Jönsson - Hex, Elixir package tooling.

Tatsuhiko Miyagawa - cpanm (2010).

Paul Moore - pip maintainer.

Ian Murdock - dpkg (1994).

Jack Nagel - Homebrew.

Maël Nison - Yarn (2016), Yarn Berry.

Carol Nichols - crates.io, Rust community.

Bob Nystrom - pub, Dart package tooling.

Billy O'Neal - vcpkg.

Bryan O'Sullivan - Stack (2015).

Ed Page - Cargo maintainer.

Gary Ewan Park - Chocolatey.

Thomas Petazzoni - Buildroot.

Nick Quaranto - RubyGems.org founder.

Konstantin Raev - Yarn.

Dave Reisner - pacman, libalpm.

Rob Reynolds - Chocolatey (2011).

Daniel Robbins - Gentoo, Portage (2000).

Diego Rodriguez-Losada - Conan (2016).

Jordan Rose - Swift Package Manager.

Ilan Schnell - conda (2012).

Hiroshi Shibata - Ruby core, RubyGems/Bundler maintainer.

Isaac Schlueter - npm (2010).

Robert Schumacher - vcpkg.

C.J. Silverio - Former npm CTO. "Economics of package management" talk.

Jordan Sissel - fpm (2011).

Michael Snoyman - Stack.

Adam Stewart - Spack.

Donald Stufft - PyPI security, Warehouse.

Orta Therox - CocoaPods.

Erik Troan & Marc Ewing - RPM (1997).

Rebecca Turner - npm.

José Valim - Mix, Hex (2012).

Judd Vinet - pacman (2002).

Laurie Voss - npm co-founder.

Peter Wang - Anaconda co-founder.

Jason van Zyl - Maven (2002).

Patrick Volkerding - Slackware, pkgtool (1993).

Wolf Vollprecht - mamba (2019), pixi.

Michael Vogt - APT developer, unattended-upgrades.

Brian Warner - TUF contributor, Tahoe-LAFS.

Colin Watson - Debian, Launchpad.

Natalie Weizenbaum - PubGrub algorithm.

Ashley Williams - crates.io governance, Rust packaging policy.

William Woodruff - sigstore-python, PEP 740 (PyPI attestations), zizmor.

Ricardo Wurmus - Former GNU Guix co-maintainer. Guix-HPC.

Researchers

Pietro Abate - Dependency solving algorithms, OPAM.

Benoit Baudry - KTH. Software diversity, supply chain, build reproducibility.

Daniel Le Berre - SAT4J solver, dependency resolution research.

Justin Cappos - NYU. Created TUF, now used by Docker, PyPI, RubyGems. Advisor to Kuppusamy, Torres-Arias, Samuel.

Eleni Constantinou - Eindhoven. Software ecosystem health, dependency network fragility.

Alexandre Decan - University of Mons. Technical lag, ecosystem evolution, dependency networks.

Roberto Di Cosmo - INRIA. Led EDOS project. Papers on dependency resolution NP-completeness, co-installability, modular solver architecture.

Jens Dietrich - Victoria University of Wellington. Dependency bloat, JVM ecosystem analysis.

Massimiliano Di Penta - University of Sannio. Software evolution, dependency change impact.

Georgios Gousios - Delft, then Facebook. Präzi call-graph dependency analysis.

Ahmed E. Hassan - Queen's University. Mining software repositories, package evolution.

Joseph Hejderup - Präzi, call-graph dependency analysis.

Raula Gaikovina Kula - NAIST. Library migration, developer update behavior.

Miryung Kim - UCLA. Library and API evolution, migration studies.

Trishank Kuppusamy - TUF co-designer. Diplomat, Mercury, Uptane.

Chris Lamb - Reproducible Builds, former Debian Project Leader.

Tom Mens - University of Mons. Ecosystem evolution, "technical lag" metric.

Audris Mockus - UTK. Ecosystem-scale empirical studies.

Martin Monperrus - KTH. Supply chain security, SBOMs, breaking changes.

Henrik Plate - SAP Security Research. Supply chain attack taxonomies.

Donald Pinckney - npm-follower dataset, Max-SMT dependency solving.

Santiago Torres-Arias - Purdue. Created in-toto.

Ralf Treinen - EDOS project, co-installability formalization.

Bogdan Vasilescu - CMU. Dependency networks, ecosystem health.

Ying Wang - Dependency conflict detection (Watchman, Hero).

Stefano Zacchiroli - Télécom Paris, former Debian Project Leader. Reproducible builds, Software Heritage.

Théo Zimmermann - Télécom Paris. Rocq core team, Rocq-community. Research on package maintenance organizations.


Who's missing? Open a PR or let me know. If you'd like your entry updated, corrected, or removed, reach out the same way.
