[{"data":1,"prerenderedAt":846},["ShallowReactive",2],{"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns":3,"\u002Freports\u002Fpackage-manager-people":8},["Island",4],{"key":5,"result":6},"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns",{"head":7},{},{"id":9,"title":10,"authors":11,"body":13,"canonicalUrl":832,"canonicalWebsiteName":833,"category":834,"date":835,"description":836,"extension":837,"featured":838,"fullWidthLayout":838,"image":839,"imageAlt":839,"location":839,"meta":840,"metaImage":839,"navigation":841,"path":842,"seo":843,"stem":844,"venue":839,"venueUrl":839,"__hash__":845},"reports\u002Freports\u002Fpackage-manager-people.md","Package Manager People",[12],"andrew",{"type":14,"value":15,"toc":826},"minimark",[16,20,25,32,38,44,50,56,62,68,74,80,86,92,98,104,110,116,122,128,134,140,146,152,158,164,170,176,182,188,194,200,206,212,218,223,229,235,241,247,253,259,265,271,277,283,289,295,301,307,313,319,325,331,337,343,349,355,361,367,373,379,384,390,396,402,408,414,420,426,432,438,443,449,455,461,467,473,479,485,491,497,503,508,514,520,526,532,538,544,550,556,562,568,574,580,586,592,598,604,610,616,622,628,634,640,644,650,656,662,668,674,680,686,692,698,704,710,716,722,728,734,740,746,752,758,764,770,776,782,788,794,800,806,809],[17,18,19],"p",{},"People who built, maintain, or research package managers. Tool creators, registry operators, resolver authors, and the academics studying how it all works.",[21,22,24],"h2",{"id":23},"tool-creators-and-practitioners","Tool creators and practitioners",[17,26,27,31],{},[28,29,30],"strong",{},"André Arko"," - Bundler maintainer. Founded Ruby Together.",[17,33,34,37],{},[28,35,36],{},"Adam Baldwin"," - npm security, npm audit. Founded Node Security Project.",[17,39,40,43],{},[28,41,42],{},"Shlomi Ben-Haim"," - JFrog co-founder, Artifactory.",[17,45,46,49],{},[28,47,48],{},"Tobias Bieniek"," - crates.io lead maintainer.",[17,51,52,55],{},[28,53,54],{},"Ian Bicking"," - pip, virtualenv (2007-2008).",[17,57,58,61],{},[28,59,60],{},"Jordi Boggiano & Nils Adermann"," - Composer (2011). Also run Packagist.",[17,63,64,67],{},[28,65,66],{},"Nate Bosch"," - pub.dev, Dart package tooling.",[17,69,70,73],{},[28,71,72],{},"Sam Boyer"," - \"So you want to write a package manager\" post. Built dep for Go.",[17,75,76,79],{},[28,77,78],{},"Brett Cannon"," - Python core. Led lockfile PEP effort.",[17,81,82,85],{},[28,83,84],{},"Tzu-ping Chung"," - pip maintainer.",[17,87,88,91],{},[28,89,90],{},"Matthias Clasen"," - Flatpak.",[17,93,94,97],{},[28,95,96],{},"Duncan Coutts"," - cabal-install, Haskell solver.",[17,99,100,103],{},[28,101,102],{},"Nick Coghlan"," - Python packaging PEPs, PyPA governance.",[17,105,106,109],{},[28,107,108],{},"Daniel Compton"," - Clojars maintainer.",[17,111,112,115],{},[28,113,114],{},"Ludovic Courtès"," - GNU Guix (2012). Co-maintains GNU Guile.",[17,117,118,121],{},[28,119,120],{},"Russ Cox"," - Go modules, minimum version selection. Version SAT proof.",[17,123,124,127],{},[28,125,126],{},"Alex Crichton"," - Cargo, crates.io.",[17,129,130,133],{},[28,131,132],{},"Evan Czaplicki"," - Elm package manager.",[17,135,136,139],{},[28,137,138],{},"L. Peter Deutsch"," - Solaris pkgadd, SVR4 package format.",[17,141,142,145],{},[28,143,144],{},"Jeff Dickey"," - mise (2023).",[17,147,148,151],{},[28,149,150],{},"Hans Dockter & Adam Murdoch"," - Gradle (2008).",[17,153,154,157],{},[28,155,156],{},"Eelco Dolstra"," - Nix (2003-2006).",[17,159,160,163],{},[28,161,162],{},"Ernest W. Durbin III"," - PyPI infrastructure.",[17,165,166,169],{},[28,167,168],{},"Eloy Durán & Fabio Pelosin"," - CocoaPods (2011).",[17,171,172,175],{},[28,173,174],{},"John Ericson"," - Nix contributor.",[17,177,178,181],{},[28,179,180],{},"Sébastien Eustace"," - Poetry (2018).",[17,183,184,187],{},[28,185,186],{},"Brian Fox"," - Sonatype co-founder, Maven Central, Nexus Repository.",[17,189,190,193],{},[28,191,192],{},"Fabrice Fontaine"," - Buildroot.",[17,195,196,199],{},[28,197,198],{},"Chad Fowler, Jim Weirich, David Alan Black, Paul Brannan, Richard Kilmer"," - RubyGems (2004).",[17,201,202,205],{},[28,203,204],{},"Kale Franz"," - conda.",[17,207,208,211],{},[28,209,210],{},"Samuel Giddins"," - Bundler, Molinillo resolver, RubyGems.org.",[17,213,214,217],{},[28,215,216],{},"Todd Gamblin"," - Spack (2013).",[17,219,220,85],{},[28,221,222],{},"Pradyun Gedam",[17,224,225,228],{},[28,226,227],{},"Jason Gunthorpe"," - APT (1998).",[17,230,231,234],{},[28,232,233],{},"Phil Hagelberg"," - Leiningen (2010).",[17,236,237,240],{},[28,238,239],{},"Jarkko Hietaniemi & Andreas König"," - CPAN (1995). König also wrote PAUSE.",[17,242,243,246],{},[28,244,245],{},"Eric Hodel"," - RubyGems security, signing.",[17,248,249,252],{},[28,250,251],{},"Kenneth Hoste"," - EasyBuild (2012), HPC software build framework.",[17,254,255,258],{},[28,256,257],{},"Max Howell"," - Homebrew (2009).",[17,260,261,264],{},[28,262,263],{},"Jordan Hubbard"," - FreeBSD Ports (1993), pkg_install.",[17,266,267,270],{},[28,268,269],{},"Eric Huss"," - Cargo.",[17,272,273,276],{},[28,274,275],{},"Dustin Ingram"," - PyPI, Warehouse.",[17,278,279,282],{},[28,280,281],{},"Ian Jackson"," - Rewrote dpkg in C (1994).",[17,284,285,288],{},[28,286,287],{},"Yehuda Katz & Carl Lerche"," - Bundler (2010), Cargo (2014).",[17,290,291,294],{},[28,292,293],{},"Stefan Karpinski"," - Julia package manager.",[17,296,297,300],{},[28,298,299],{},"Robert Kern"," - conda co-creator.",[17,302,303,306],{},[28,304,305],{},"Zoltan Kochan"," - pnpm (2017).",[17,308,309,312],{},[28,310,311],{},"Domen Kožar"," - Cachix, Nix ecosystem tooling.",[17,314,315,318],{},[28,316,317],{},"Alex Larsson"," - Flatpak (2015).",[17,320,321,324],{},[28,322,323],{},"Seth Larson"," - PSF Security Developer-in-Residence. SBOMs, dependency cooldowns.",[17,326,327,330],{},[28,328,329],{},"Xavier Leroy"," - OPAM co-creator, OCaml.",[17,332,333,336],{},[28,334,335],{},"Kim Lewandowski"," - SLSA co-founder.",[17,338,339,342],{},[28,340,341],{},"Mark Lodato"," - SLSA spec lead.",[17,344,345,348],{},[28,346,347],{},"Kat Marchán"," - npm CLI lead, Arborist, workspaces.",[17,350,351,354],{},[28,352,353],{},"Charlie Marsh"," - Ruff (2022), uv (2024).",[17,356,357,360],{},[28,358,359],{},"Mike McQuaid"," - Homebrew lead maintainer since 2013.",[17,362,363,366],{},[28,364,365],{},"Allan McRae"," - pacman maintainer.",[17,368,369,372],{},[28,370,371],{},"Eric Meadows-Jönsson"," - Hex, Elixir package tooling.",[17,374,375,378],{},[28,376,377],{},"Tatsuhiko Miyagawa"," - cpanm (2010).",[17,380,381,85],{},[28,382,383],{},"Paul Moore",[17,385,386,389],{},[28,387,388],{},"Ian Murdock"," - dpkg (1994).",[17,391,392,395],{},[28,393,394],{},"Jack Nagel"," - Homebrew.",[17,397,398,401],{},[28,399,400],{},"Maël Nison"," - Yarn (2016), Yarn Berry.",[17,403,404,407],{},[28,405,406],{},"Carol Nichols"," - crates.io, Rust community.",[17,409,410,413],{},[28,411,412],{},"Bob Nystrom"," - pub, Dart package tooling.",[17,415,416,419],{},[28,417,418],{},"Billy O'Neal"," - vcpkg.",[17,421,422,425],{},[28,423,424],{},"Bryan O'Sullivan"," - Stack (2015).",[17,427,428,431],{},[28,429,430],{},"Ed Page"," - Cargo maintainer.",[17,433,434,437],{},[28,435,436],{},"Gary Ewan Park"," - Chocolatey.",[17,439,440,193],{},[28,441,442],{},"Thomas Petazzoni",[17,444,445,448],{},[28,446,447],{},"Nick Quaranto"," - RubyGems.org founder.",[17,450,451,454],{},[28,452,453],{},"Konstantin Raev"," - Yarn.",[17,456,457,460],{},[28,458,459],{},"Dave Reisner"," - pacman, libalpm.",[17,462,463,466],{},[28,464,465],{},"Rob Reynolds"," - Chocolatey (2011).",[17,468,469,472],{},[28,470,471],{},"Daniel Robbins"," - Gentoo, Portage (2000).",[17,474,475,478],{},[28,476,477],{},"Diego Rodriguez-Losada"," - Conan (2016).",[17,480,481,484],{},[28,482,483],{},"Jordan Rose"," - Swift Package Manager.",[17,486,487,490],{},[28,488,489],{},"Ilan Schnell"," - conda (2012).",[17,492,493,496],{},[28,494,495],{},"Hiroshi Shibata"," - Ruby core, RubyGems\u002FBundler maintainer.",[17,498,499,502],{},[28,500,501],{},"Isaac Schlueter"," - npm (2010).",[17,504,505,419],{},[28,506,507],{},"Robert Schumacher",[17,509,510,513],{},[28,511,512],{},"C.J. Silverio"," - Former npm CTO. \"Economics of package management\" talk.",[17,515,516,519],{},[28,517,518],{},"Jordan Sissel"," - fpm (2011).",[17,521,522,525],{},[28,523,524],{},"Michael Snoyman"," - Stack.",[17,527,528,531],{},[28,529,530],{},"Adam Stewart"," - Spack.",[17,533,534,537],{},[28,535,536],{},"Donald Stufft"," - PyPI security, Warehouse.",[17,539,540,543],{},[28,541,542],{},"Orta Therox"," - CocoaPods.",[17,545,546,549],{},[28,547,548],{},"Erik Troan & Marc Ewing"," - RPM (1997).",[17,551,552,555],{},[28,553,554],{},"Rebecca Turner"," - npm.",[17,557,558,561],{},[28,559,560],{},"José Valim"," - Mix, Hex (2012).",[17,563,564,567],{},[28,565,566],{},"Judd Vinet"," - pacman (2002).",[17,569,570,573],{},[28,571,572],{},"Laurie Voss"," - npm co-founder.",[17,575,576,579],{},[28,577,578],{},"Peter Wang"," - Anaconda co-founder.",[17,581,582,585],{},[28,583,584],{},"Jason van Zyl"," - Maven (2002).",[17,587,588,591],{},[28,589,590],{},"Patrick Volkerding"," - Slackware, pkgtool (1993).",[17,593,594,597],{},[28,595,596],{},"Wolf Vollprecht"," - mamba (2019), pixi.",[17,599,600,603],{},[28,601,602],{},"Michael Vogt"," - APT developer, unattended-upgrades.",[17,605,606,609],{},[28,607,608],{},"Brian Warner"," - TUF contributor, Tahoe-LAFS.",[17,611,612,615],{},[28,613,614],{},"Colin Watson"," - Debian, Launchpad.",[17,617,618,621],{},[28,619,620],{},"Natalie Weizenbaum"," - PubGrub algorithm.",[17,623,624,627],{},[28,625,626],{},"Ashley Williams"," - crates.io governance, Rust packaging policy.",[17,629,630,633],{},[28,631,632],{},"William Woodruff"," - sigstore-python, PEP 740 (PyPI attestations), zizmor.",[17,635,636,639],{},[28,637,638],{},"Ricardo Wurmus"," - Former GNU Guix co-maintainer. Guix-HPC.",[21,641,643],{"id":642},"researchers","Researchers",[17,645,646,649],{},[28,647,648],{},"Pietro Abate"," - Dependency solving algorithms, OPAM.",[17,651,652,655],{},[28,653,654],{},"Benoit Baudry"," - KTH. Software diversity, supply chain, build reproducibility.",[17,657,658,661],{},[28,659,660],{},"Daniel Le Berre"," - SAT4J solver, dependency resolution research.",[17,663,664,667],{},[28,665,666],{},"Justin Cappos"," - NYU. Created TUF, now used by Docker, PyPI, Rubygems. Advisor to Kuppusamy, Torres-Arias, Samuel.",[17,669,670,673],{},[28,671,672],{},"Eleni Constantinou"," - Eindhoven. Software ecosystem health, dependency network fragility.",[17,675,676,679],{},[28,677,678],{},"Alexandre Decan"," - University of Mons. Technical lag, ecosystem evolution, dependency networks.",[17,681,682,685],{},[28,683,684],{},"Roberto Di Cosmo"," - INRIA. Led EDOS project. Papers on dependency resolution NP-completeness, co-installability, modular solver architecture.",[17,687,688,691],{},[28,689,690],{},"Jens Dietrich"," - Victoria University of Wellington. Dependency bloat, JVM ecosystem analysis.",[17,693,694,697],{},[28,695,696],{},"Massimiliano Di Penta"," - University of Sannio. Software evolution, dependency change impact.",[17,699,700,703],{},[28,701,702],{},"Georgios Gousios"," - Delft, then Facebook. Präzi call-graph dependency analysis.",[17,705,706,709],{},[28,707,708],{},"Ahmed E. Hassan"," - Queen's University. Mining software repositories, package evolution.",[17,711,712,715],{},[28,713,714],{},"Joseph Hejderup"," - Präzi, call-graph dependency analysis.",[17,717,718,721],{},[28,719,720],{},"Raula Gaikovina Kula"," - NAIST. Library migration, developer update behavior.",[17,723,724,727],{},[28,725,726],{},"Miryung Kim"," - UCLA. Library and API evolution, migration studies.",[17,729,730,733],{},[28,731,732],{},"Trishank Kuppusamy"," - TUF co-designer. Diplomat, Mercury, Uptane.",[17,735,736,739],{},[28,737,738],{},"Chris Lamb"," - Reproducible Builds, former Debian Project Leader.",[17,741,742,745],{},[28,743,744],{},"Tom Mens"," - University of Mons. Ecosystem evolution, \"technical lag\" metric.",[17,747,748,751],{},[28,749,750],{},"Audris Mockus"," - UTK. Ecosystem-scale empirical studies.",[17,753,754,757],{},[28,755,756],{},"Martin Monperrus"," - KTH. Supply chain security, SBOMs, breaking changes.",[17,759,760,763],{},[28,761,762],{},"Henrik Plate"," - SAP Security Research. Supply chain attack taxonomies.",[17,765,766,769],{},[28,767,768],{},"Donald Pinckney"," - npm-follower dataset, Max-SMT dependency solving.",[17,771,772,775],{},[28,773,774],{},"Santiago Torres-Arias"," - Purdue. Created in-toto.",[17,777,778,781],{},[28,779,780],{},"Ralf Treinen"," - EDOS project, co-installability formalization.",[17,783,784,787],{},[28,785,786],{},"Bogdan Vasilescu"," - CMU. Dependency networks, ecosystem health.",[17,789,790,793],{},[28,791,792],{},"Ying Wang"," - Dependency conflict detection (Watchman, Hero).",[17,795,796,799],{},[28,797,798],{},"Stefano Zacchiroli"," - Télécom Paris, former Debian Project Leader. Reproducible builds, Software Heritage.",[17,801,802,805],{},[28,803,804],{},"Théo Zimmermann"," - Télécom Paris. Rocq core team, Rocq-community. Research on package maintenance organizations.",[807,808],"hr",{},[17,810,811,812,819,820,825],{},"Who's missing? ",[813,814,818],"a",{"href":815,"rel":816},"https:\u002F\u002Fgithub.com\u002Fandrew\u002Fnesbitt.io",[817],"nofollow","Open a PR"," or ",[813,821,824],{"href":822,"rel":823},"https:\u002F\u002Fmastodon.social\u002F@andrewnez",[817],"let me know",". If you'd like your entry updated, corrected, or removed, reach out the same way.",{"title":827,"searchDepth":828,"depth":828,"links":829},"",2,[830,831],{"id":23,"depth":828,"text":24},{"id":642,"depth":828,"text":643},"https:\u002F\u002Fnesbitt.io\u002F2026\u002F01\u002F14\u002Fpackage-manager-people","nesbitt.io","package-management","2026-01-14","People who built, maintain, or research package managers.","md",false,null,{},true,"\u002Freports\u002Fpackage-manager-people",{"title":10,"description":836},"reports\u002Fpackage-manager-people","0jhL5LzDUlq3r8du5G_FW35V3zXknCICc_2B18TnjM0",1780596102948]