469 – Lovekesh Kumar introduces the WPM Package Manager

Interview with Lovekesh Kumar and Nathan Wrigley.

WP Builds is brought to you by...


The home of Managed WordPress hosting that includes free domain, SSL, and 24/7 support. Bundle that with the Hub by GoDaddy Pro to unlock more free benefits to manage multiple sites in one place, invoice clients, and get 30% off new purchases! Find out more at go.me/wpbuilds.

On the podcast today we have Lovekesh Kumar.

Lovekesh is a WordPress engineer specialising in enterprise environments, with nearly five years of experience working at rtCamp. He’s an open source contributor featured on the WordPress performance team and serves as a committer on the WP-CLI project, making him a central figure in developing the behind-the-scenes tools and processes that power large-scale WordPress projects.

While many of our listeners are used to managing plugins and themes from the WordPress dashboard, Lovekesh talks about what it’s like to manage complex, enterprise websites, where workflows are driven by automation, security, and strict processes, not ad-hoc plugin updates. The need for secure, fast, and predictable package management led him to create WPM, a modern, Go-based package manager designed specifically for WordPress.



In this episode, we hear the origin story behind WPM and the specific pain points it addresses in today’s WordPress ecosystem. Lovekesh discusses the unique challenges enterprise teams face… onboarding premium plugins, keeping code repositories clean, avoiding ‘cowboy coding’ from the dashboard, and ensuring every piece of code added to a site is verified and safe. He contrasts the fragmented landscape of manual updates, FTP transfers, and vendor-specific delivery methods with the automation and centralisation made possible by WPM.



We discuss how WPM goes beyond existing tools like Composer, especially when it comes to WordPress’s lack of a native package management spec, signature verification for enhanced supply chain security, and seamless support for both public and private (including premium) plugins and themes. Lovekesh gets into how dependency management works within WPM, how the CLI and registry interact, and what plugin and theme authors can do to get their products included.

You’ll also hear about the early adoption of WPM, feedback from other developers at events like WordCamp Asia, and Lovekesh’s ongoing work to improve security and support for private packages. Whether you’re a developer looking to streamline your workflow, a plugin or theme author interested in secure distribution, or part of a team managing mission-critical WordPress sites, this episode is for you.

Mentioned in this podcast:

WPM website

WPM on Github

rtCamp website

Why I Built wpm: A Secure, Go-Based Package Manager for WordPress

Lovekesh on X

Lovekesh on LinkedIn



Transcript (if available)

These transcripts are created using software, so apologies if there are errors in them.


[00:00:20] Nathan Wrigley: Hello there and welcome once again to the WP Builds podcast. You've reached episode number 469 entitled Lovekesh Kumar introduces the WPM Package Manager. It was published on Thursday, the 21st of May, 2026. And before we join Lovekesh for that interview about that interesting subject. First of all, a few bits of housekeeping.

The first thing to say is that if you're into WP Builds, head to our subscribe page. That way you can keep updated via email on things like X and Bluesky and YouTube when we create new content. If you subscribe to our email list, we'll send you one email a week for this, the podcast, which comes out on a Thursday.

And also we'll send you an email when we produce our This Week in WordPress show. We do that live every Monday, 2:00 PM UK time. Join us, join in the comments, it's at wpbuilds.com/live, and then you'll get an email about that when it goes out on a Tuesday. So wpbuilds.com/subscribe.

The other thing, if you'd like to help keep the WP Builds podcast going, head to our advertise page, wpbuilds.com/advertise, and we'll see if we can get you and your product in front of a very WordPress specific audience. So if you've got a block, a plugin, a theme, or hosting, whatever it may be, reach out and we'll have a chat and see what we can do for you.

Okay, what have we got for you today? Well, today is a bit of a propellerhead episode. Lovekesh Kumar is here from rtCamp, and he's going to explain to us why he has been spending time building the WPM Package Manager.

We find out all about his history working with WordPress, and particularly his engineering background at rtCamp, which is an enterprise level agency based in India. And then we get into the subject at hand.

We talk about what a package manager is, and if you are a full on developer, all of this will be common sense to you. But if like me, you are not, then there's quite a lot of learning to do.

So we talk about the background, we talk about why the project exists, we talk about why it's unique, why it might replace tooling that you've got already, and all of the roadmap features that are coming and how you can help get involved.

Like I say, it's a bit of a propellerhead episode, but I hope that you enjoy it.

I am joined on the podcast by Lovekesh. Hello, Lovekesh.

[00:02:53] Lovekesh Kumar: Hello. Hi.

[00:02:54] Nathan Wrigley: It's very nice to have you on in person. Lovekesh and I sat across a table from each other for probably about three minutes at WordCamp Asia.

We really didn't get much of a chance to get to know each other, but I was introduced to you by somebody else. I will, I will not mention who that was because I've actually forgotten, but somebody said I should speak to you and you had an absolutely barnstorming brand new product out there, and that's then, that's what we're gonna talk about today.

It's called WPM. It is a package manager for WordPress, and we're gonna get into all of that. But before we do, Lovekesh, would you mind just telling us a little bit about you, who you work for, what is it that you do with your professional life and hobbies and all of that kind of stuff. But I guess if we stick to WordPress, that would be useful as well.

So tell us about yourself, Lovekesh.

[00:03:48] Lovekesh Kumar: So I am, like you introduced me. Thanks for that. I am a WordPress engineer. I have been working with enterprise WordPress for nearly about two complete five years, and I work at rtCamp, a very cool company. And yeah, I worked a lot around WordPress. I have contributed to performance team, rtCamp has sponsored me to contribute there, and I am also a committer on WP-CLI, so I do a lot of open source work, but currently from past few months, I am working on WPM mostly in my free time.

[00:04:30] Nathan Wrigley: Oh, okay. Interesting. So this is, WPM, which we'll get into in a minute, this is like a hobby project for you, is it? It's something that you're doing on the side. It's not, maybe you are hoping that it will become a big part of what you do, but it's just a hobby at the moment.

[00:04:48] Lovekesh Kumar: Yeah.

[00:04:50] Nathan Wrigley: Yeah, these hobbies have a tendency of taking up lots of time and what started out as a hobby, you suddenly realise, oh, I did 40 hours on this last week. It's the same as my actual job. Okay. There's a few things that I want to get out there right at the beginning before we get into this podcast.

And that is to say, I think it's, I think it's true to say that Lovekesh is significantly cleverer than I am, and the product that he's put together is basically beyond my pay grade. So I'm gonna ask Lovekesh to make sure that he holds my hand through the process of explaining what it does. And if I put my foot in it, say something utterly dumb and ridiculous, I hope that you'll have the, hopefully you'll have the bandwidth to, to walk me through it.

So the first thing that I'm gonna do is say that I'm gonna bury three URLs on the WP Builds show notes for this episode. So if you go to wpbuilds.com, search for the episode with Lovekesh in it. So that's L-O-V-E-K-E-S-H. Maybe just search for that. The chances of you getting more than one post are zero.

So it'll be that post. Go there and there will be three links. One will be called Modern Package, man, sorry, I'll just say that again. One will be called Modern Package Management for WordPress. But you can find that at the URL Wpm Do Very cool. URL by the way. Another one will be to the GitHub repository for this project.

And the last one will be on Lovekesh's personal website. So it's called thelovekesh.com. And it's called Why I Built wpm: A Secure, Go-Based Package Manager for WordPress. So there's those three resources. If at any point you get confused by what's going on in here, pause the podcast, go and check those out, and we will begin with Why

I Built wpm: A Secure, Go-Based Package Manager for WordPress. So my question simply, Lovekesh, is why did you build it? What is it for? Why have you built it? And who might use it?

[00:07:07] Lovekesh Kumar: So like I mentioned before that I mostly work in enterprise segment when it comes to WordPress, right? So there are like a lot of high value projects, that takes lot of developers to maintain it and run it on their local system, as well as deploy it so that end users can use it. So at the core, what happens is that while end users see a like very beautiful website, they get very beautiful experience.

As a developer, we got lot of issues while managing those things. For example, pretty mature WordPress website uses n number of plugins. Maybe most of them are public ones. You can download them from maybe wordpress.org. If you are like very tech savvy, maybe you use Composer and download them using Composer.

But the friction comes when it comes to manage premium plugins on your website or even premium themes. So generally how the ecosystem looks like is that, for example, let's talk about Yoast. Yoast have a, like very cool SEO plugin. You can download it for free and you can just instal it on our website and there you go.

You can just keep using it. But friction comes when you have to purchase premium one and now you have to manage on your website as well. While for most non-technical users who just maintain their plugin and themes from WordPress dashboard, it is, it's not like much of an issue. They can just download it, unpack it, and upload it, maybe using FTP.

But when it comes to enterprise WordPress, we generally maintain or manage the WordPress, and I call it WordPress as code, where we don't use WordPress dashboard to instal or upload plugins and themes, rather we maintain everything as code. Maybe in a Git repository, we download plugins and themes in CI/CD pipelines, and then we deploy it using automations.

So at that part, the friction comes that each vendor use their own methodology to distribute those premium plugins. For example, some may use EDD to distribute those plugins. Some may just give you the ZIP and it's up to you that how you will unpack it, how you will upload it. So there are like lot of actions around.

We have to do many like hacks to put all of them, plugins or themes, together from multiple vendors and maintain them on our side. Then I thought about this, that WordPress should have something that is like centralised. Everything can be managed in a single place while keeping the security at maximum.

So currently the problem with security is that there is no built in way to identify that we are pushing something to WordPress code base that is actually published by someone. So for example, let's say I am a plugin author. I publish the plugin somewhere. Now end user, what guarantee they have that we are downloading the same thing or we are downloading the same artefact that author published.

There is no way to identify that, in comparison to other ecosystems. For example, JavaScript ecosystem is very big. Rust ecosystem is there, like many ecosystems. They have built in centralised tools that help users to identify such security gaps. But WordPress doesn't have it, unfortunately.

[00:10:49] Nathan Wrigley: So the, let's just dig into the enterprise thing. The whole enterprise layer here. I guess what you're trying to say then is that you don't do things in the way that a new person to WordPress would do. So I'm guessing a lot of the people that listen to this podcast will be only familiar with the WordPress backend.

So you'll log in, you'll download your plugins from here, there, and everywhere. You'll put them on your desktop, you'll upload them to your WordPress website, and you'll go through the whole GUI, the graphical user interface and do it all that way. However, when you're at the enterprise level, when you are dealing with clients, I don't know, banks and large, international businesses, this is just a non-negotiable thing.

You, you just simply don't do it that way. Why don't you do it that way? Is it simply a time saving mechanism or is there some, you alluded to security. Is there some other benefit aside from simply saving time of doing it all through, a package manager, a CLI kind of interface? Why do you go through that whole process?

[00:11:58] Lovekesh Kumar: Yeah. So, there are many quirks in the way. So for example, let's say there is a, very big team, and generally in big WordPress, website, there are like lot of teams. There are businesses, stakeholders which take decisions. Then there are management teams, then there are developers. So let's say you give everyone a freedom that they can just go upload some plugin and do the stuff.

Then it's unsafe by many means. For example, that let's say a manager is doing some brainstorming with AI, and AI just wrote a plugin for them that, Hey, just instal it on your

[00:12:36] Nathan Wrigley: Oh, here we

[00:12:37] Lovekesh Kumar: and you will see that. And they will be like, very tempting. Okay, I will just go and upload it. What, maybe that plugin is not reviewed by any developer that, whether it's safe or not, because in enterprise WordPress, the data security is there, the data privacy is there, and the plugin can do many wrong things, with those things.

So for simple sites, it isn't like major problem, but for enterprise websites where like there are a lot of, you will say, privacy related things, security related things, it really matters. That's why many hosting providers, for example, WordPress VIP is there, which blocks this thing by default, you can just don't do that.

They only provide you a read-only file system where you can just upload it or deploy it via code

and not dashboard.

[00:13:30] Nathan Wrigley: So the, principle here, is you are trying to lock down every conceivable possible angle where somebody with enough, I don't know, inexperience or perhaps a greater level of experience, might be able to do something undesirable in the situation of a mom and pop, WordPress brochure website.

For a store on the corner of your street, this is really not that important. But for a, an enterprise level website, which may be getting hit, I don't know, a million times a day, thousands of times every second, you really have to go the extra mile to make sure that every single angle has been locked down.

And I guess this is a consequence of that. If you are gonna lock everything down, you don't want people to be able to go into the backend of WordPress and upload plugins that nobody's ever heard of before. You want all of that to go through the pipeline of your team, in your case, rtCamp's pipeline, make sure that everything's exactly as it says on the tin, make sure that the code is actually safe to commit, because I suppose that's the promise you've got with the client.

We will guarantee that your website never has the kind of problems that WordPress might have a bad name for. And so you as an agency have to lock that stuff down. Does that sort of sum it up, roughly speaking?

[00:14:53] Lovekesh Kumar: yeah. That's a like, great summary, I

[00:14:55] Nathan Wrigley: Okay, perfect. Yeah. In which case then let's move on to what a package manager is.

And again, forgive my sort of ignorance around here. I, have a, fairly, detailed understanding of what such a thing is, but just in terms of the audience, what, what does a package manager allow you to do and why have previous package managers fallen short? And I suppose you are gonna get more into the security bits and pieces that you mentioned earlier and how you might resolve dependencies and make sure that packages are actually signed correctly and that kind of thing.

So let's begin with what a package manager is. What, does that thing do?

[00:15:35] Lovekesh Kumar: So in simple terms, package manager can be like any sort of automation, a CLI tool or a graphical user interface that is generally helping to manage your packages. It's simple as that. Now, in terms of WordPress, when we talk about packages, those are generally plugins and themes. Yeah.

[00:15:59] Nathan Wrigley: So what is the, what's the bit that's missing? What are the pieces that you thought were not sufficient, not correctly built for the WordPress ecosystem? The tools that are lying around at the minute, which you've been presumably using for the last, I don't know, handful of years. What is it that you've discovered was not, not as good as it could be?

Let's put it that way.

[00:16:23] Lovekesh Kumar: So let's say, you are building something, And, I want to understand that what actually are you building? How can I use it? Then there must be some sort of a spec compliance there, right? So you can say that, okay, I build it according to this spec, and you can use it according like, this.

So for example, let's talk about JavaScript ecosystem a little bit. So when you publish or download packages, then they have a spec. You create a package.json file, you declare whatever dependencies you are using and you just publish it. Now any tool around the world can build some sort of automation for themselves that will follow that spec and do things without any problem.

Whereas in WordPress ecosystem, there is no spec. Everyone just do things like, they want, for example, one plugin author will try to publish their plugin or send updates for their plugin one way, another will do other way. So, that's like everyone is using their own methodology to distribute their plugin in case it's not published on wordpress.org.

Also, the other thing is that WordPress doesn't have any native tooling when it comes to handle or manage packages. The only thing that exists in WordPress to manage that is wordpress.org distribution ecosystem where you have to publish your plugin, you have to get approval, and then it'll be listed.

Then what happens is that developers faced the issue, then someone created a Composer layer on top of that. So now we can download those plugins and themes from wordpress.org using Composer, but Composer, it's like hacky way, where when I talk WordPress plugin and themes to be consumed or used by Composer, because wordpress.org wasn't built that way.

Rather we create a hack layer in between that translates things between wordpress.org and Composer, and we get,

[00:18:35] Nathan Wrigley: If you were to look around at other CMSs or other things which are equivalent to WordPress, in terms of their size and scope, would it be fair to say that there would be tooling equivalent to what you've built? WPM? Is it typical to have this kind of package manager built specifically for the tool in question?

What I'm basically trying to say is, is it a surprise that we've got to the year 2026 and there isn't already? There is now. There wasn't already a dedicated tool. Is that kind of surprising given that the WordPress project is 22 plus years old?

[00:19:15] Lovekesh Kumar: Yeah, that's very surprising and that's why I started it in first place, given a massive amount of market size that WordPress is holding and like thousands maybe. More than like a hundred thousand, 200,000 developers are working on it every day managing different websites. And all they are using is maybe their own script to do the same thing instead of

[00:19:40] Nathan Wrigley: Yeah. Yeah, it's interesting, isn't it? How, I suppose, free open source software can go in any which way. And if there's no, let's say financial benefit from creating a tool like this, then maybe I could understand why it never came along. Everybody's happy to roll their own solution and agency A over here, we'll just do it this way and agency B over here, we'll do it that way.

but I suppose in the end, in order to have some kind of, credibility's the wrong word, but in order to have some, some so that agency A can talk to agency B basically, wouldn't it be nice if we had like a mature way of everybody knowing what everybody else is doing? And I suppose into the breach steps, the WPM tool that you've built, the WordPress package manager as it might be called,

[00:20:31] Lovekesh Kumar: Hmm.

[00:20:32] Nathan Wrigley: so what are the, features that you've built into this that you, found to be missing in other tools, maybe in processes that you'd used in the past, maybe in things like Composer?

What are the features that at the outset when you are just about to launch this, what are the features that you've got that you think are, pretty interesting that developers listening to this podcast might think, oh yeah, this is worth checking out.

[00:20:57] Lovekesh Kumar: Yeah. So first thing I will ask to any developer is that how many minutes or seconds it'll take you to download, let's say 10 WordPress plugins in your project?

[00:21:11] Nathan Wrigley: Yep.

[00:21:13] Lovekesh Kumar: Will it be like one minute? Will it be one second? How much time? And then let's say, what about plugins and themes you use, but they are not there with the existing tools that you are using.

So with WPM, with the given support, at this point of time, it will just take you like two to three seconds to download n number of plugins or themes. You just do WPM instal and a list of plugins or a list of themes. So, in WPM, there are also two parts: one is CLI and one is registry.

Registry is what holds the artefacts or what holds the tarballs of plugins and themes. So when I talk about WPM, WPM is capable of holding or hosting private themes, public themes, private plugins, public plugins, and you will just need one command to download them and instal them.

Yeah.

[00:22:16] Nathan Wrigley: And I also, my understanding if I've read it correctly is that you also handle dependency management as well. And on the article that I'm looking at, the moment, for example, how much time would be saved? For example, if you, I don't know, let's say in your case you were using Elementor, which has loads and loads of products which rely on it, which are dependent upon Elementor.

So if you go and instal this dependency plugin, WordPress doesn't really know what to do with that. There's just some sort of error thrown, whereas in your situation with the package manager, because that package would be rolled in such a way that, okay, if you instal this thing, then we know that we need to instal this thing.

It just goes ahead in the background and does that anyway. Okay. I'm trying to instal this Elementor dependence plugin that therefore obviously makes it apparent that you want Elementor 'cause it doesn't work without it. So let's just go ahead and do that. And that could save quite a lot of time. And obviously, if the product name is really obvious like such and such for Elementor, I guess there's a high chance that will be fine.

You'll figure it out for yourself. But if the product name doesn't give that away, you may have no clue that there's a dependency on some other thing. 'cause loads of products don't have the, name of the dependent, the sort of the mothership plugin if you like. So that's an interesting feature too.

[00:23:41] Lovekesh Kumar: I wish I could, show it to you on a screen right now, but guess what? It's a podcast.

[00:23:48] Nathan Wrigley: But you, just basically, you use the, command instal, whatever, and then it will immediately feed back to you. Okay. Yep. We're gonna go ahead and do that, but then on the following line, it will also say what the dependent thing is and say for example, I don't know, two or three packages installed and you don't have to, you don't have to think about it at all.

[00:24:10] Lovekesh Kumar: Yeah. So let's say, so most famous example I have found is around WooCommerce and Elementor, mostly because there are lots and lots of dependent add-ons on WooCommerce and Elementor. So let's say you are installing one add-on, you just type that WPM instal that add-on, and it'll automatically resolve and instal WooCommerce or Elementor, whatever it's depending on.

[00:24:37] Nathan Wrigley: It's just a little bit of time saved, but it's a little bit of time saved a thousand times, 10,000 times, a million times a month, whatever it may be. And it all just makes sense. So I guess if I'm a, if I'm a plugin developer, the curious thing I want to know is, how do I, how, what's the relationship that I need to have with you, the proprietor of WPM?

How do I alert you that I've got this thing I would like to be involved in WPM, I would like it so that my plugin is available there. Is it just a case of, okay, if it's on .org it's available or is there more to it? Do I need to speak to you in some way or fill out some documentation? How does it, how do people with their plugins and their themes and their blocks and whatever else it is, how do they get it so that this will all work just by typing a command?

[00:25:27] Lovekesh Kumar: So that's a very good question because it's really about the adoption. So I'll start with that. Whatever plugins and themes are published on .org, there is an automation that will download them in a like constrained environment. It will generate signature and send it to WPM registry. One thing is that, so if your plugin or theme is on .org already.

It's on WPM. But let's say if you want to get your, like new plugin or theme on the WPM, then I am working on the like registry GUI. So you can generate tokens from there and you can publish your plugin or themes with just single command. Just go to your root of your plugin or theme and just type WPM publish with your token, and it'll publish that plugin or theme to WPM.

Another thing is that how to get included in the project, then it's open source because I created it for community, for developers like me. So you can just go to the repo, create issues, maybe fix issues, or if there is any feature you need, just let me know.

[00:26:40] Nathan Wrigley: So it sounded from what you just said, that there needs to be, there needs to be some way of authorising, okay, this is my plugin. I've got it on GitHub or what have you. I would like this to be bundled up in the list of commands that are available, the list of plugins, themes, whatever, sorry, that are available in WPM and you mentioned, I think you said a token or something like that.

So there needs to be, you need to strike up some relationship with you. Where do we go and begin that process?

[00:27:08] Lovekesh Kumar: So currently you can go to, so that part is not public yet. You can go to wpm s so you can sign up on the wait list. And once I have that backend thing ready, I will share the access with you. Then you can create your account there and using that account, you can generate a token basically for authentication from your CLI tool, and you will be able to push and pull private or public packages from the registry.

To the registry. Yeah,

[00:27:37] Nathan Wrigley: And is there any, is there anything in this which mitigates the problem that we've been talking about recently in the WordPress space over on wordpress.org, a number of plugins have mysteriously changed hands in the background. Somebody's taken over a new plugin and that new plugin has changed in some way.

I don't know if the security model of this mitigates any of that. I, don't think it would,

[00:28:06] Lovekesh Kumar: actually I'm thinking a lot about, it. So let's say supply chain security is there, for example, that.

[00:28:14] Nathan Wrigley: Yeah, that was what I was after.

[00:28:15] Lovekesh Kumar: That

[00:28:16] Nathan Wrigley: Thank you.

[00:28:17] Lovekesh Kumar: someone, published to WPM, then they must attest that from which source they are building the plugin or theme artefact, and then they are pushing it to WordPress, sorry, not WordPress, WPM registry.

And when they download it gets verified against a cryptographic signature that validates that, okay. It's the same thing that, the plugin author or theme author pushed there. One thing is that second thing about that someone is buying the plugins and then, then making some, made some changes to them and then republished, then it comes to more, of a, like social engineering, where they are getting access to everything and unknowingly changing or adding few back doors and then pushing it to the upstream.

Then it, it becomes really hard until, and unless you have like lot of, like human eye on the things, for example, that you are the author of let's say plugin FU version one. I take over, I publish the version 1.1, then there should be some sort of human or AI loop in between that will check that. What's the differentiate, what the difference between version one and 1.1, and is there any issue between the new code changes that they are pushing?

So it's generally like how to build something around it, but I'm working on it in such a way that, that public at least trust that whatever source they are being built at can be trusted. Also, I am thinking to give some sort of diff view in which

[00:29:58] Nathan Wrigley: Oh, neat.

[00:29:59] Lovekesh Kumar: identify that what was there before and after this version, what has changed.

So they can, if they, if you are like, too, like security freak, just like me, then you can validate each line that would have changed between this version and the new

version.

[00:30:14] Nathan Wrigley: So.

[00:30:15] Lovekesh Kumar: those are the few things I can

[00:30:16] Nathan Wrigley: Yeah, that's really interesting. Especially with the advent of AI, obviously a human such as yourself who's experienced, you can probably rip through the diff pretty quickly, but if there's, I don't know, 10,000 files in that plugin, it's gonna be a pretty big job. But it feels like a, there's a lot of talk in the WordPress space.

WP Beacon is a project which is just launched, which is trying to point AI firmly in the direction of this. But that is really interesting that you've got some notion of trying to create a little bit of an impediment to making it so that things are signed in a certain way and that you've got some visibility on who's doing what.

Now, the other curious thing I suppose, which might make this of great interest, is wordpress.org famously is a repository of freely available plugins. Every single one of them is completely free, but I think I heard you say that's not gonna be a constraint that you apply here.

You are happy to take, for want of a better word, premium plugins, or plugins that simply don't wish to put themselves on the wordpress.org repo. I dunno, they've, lived forever in GitHub or something like that. That's, is that the case? Are you, happy to take those kind of plugins as well?

So not just the .org, but premium and ones that have lived elsewhere and,

[00:31:40] Lovekesh Kumar: So to keep, the project. So see, CLI tool is something that I just host over getaway work on it in my free time. It's free, it doesn't put a lot of burden on me, but when it's come to registry, it runs some real servers which cost money. Then the firewalls are stored in S3, which cost real money.

So with premium plugins, my long-term goal is that if people find it useful and adopt it, then maybe try to find some way that can make it like sustainable and long term so that people can trust that I can put more resources and make it like more secure, more reachable to the people.

[00:32:19] Nathan Wrigley: Okay. So you are, I presume then probably wanting to get into conversations with plugin owners who have premium plugins to figure out what that may be. I don't know. Maybe that's a percentage or a just a, I dunno, a fee per instal or something like that. Would that be the case? Are you, willing to get into those conversations at this point?

Or is that a little, is it a little bit too early for all of that?

[00:32:46] Lovekesh Kumar: I would say I am open to get feedback or open to get suggestions on whether they, if they want some sort of particular infra, if they want to come on WPM. But from my experience so far, so let's say you are a premium vendor no matter what, you have to manage some sort of infra on your end too.

[00:33:08] Nathan Wrigley: Yeah.

[00:33:09] Lovekesh Kumar: So why not just give it a, for something like much better and maybe even that cost you less.

[00:33:15] Nathan Wrigley: Yeah, that's okay. That is interesting. So a typical use case might be, I dunno, a platform like EDD or something like that, which you're using. There's a possible future in which something like that may or may not be necessary. You could do things in a much more straightforward way through this.

Okay. Yeah, that's interesting. Okay. Just one thing, I'm presuming that the audience for this is gonna be fair. Maybe as time rolls on, it will be more widely adopted by, let's say, more novice users once they figured out how it worked. That would be nice. But in the short term, presumably you are gonna be talking to other developers, senior developers, junior developers. And that makes me wonder, where are you at in terms of the launching of it? Have you really tried and tested this a thousand ways? Are you happy that it's basically ready to launch? Where are you at with that? What kind of stamp of finishedness, for want of a better word, are you like 50% there, 90% there, 99% ready to launch?

[00:34:23] Lovekesh Kumar: So I would say that, for, at least for what wordpress.org is providing, and what public Composer repository that are built on top of wordpress.org are providing can be get from WPM, like on this day itself. So it's in public, you can use it today, but like every other thing like that I talk about, for example, the, you can centralise private packages as well.

That thing is not done yet because I will have talk to plugin authors and theme authors that are distributing their plugins and themes. But yeah, you can say it's launched. People can use it. Yeah.

[00:35:04] Nathan Wrigley: Okay. And given that there's a possible future in, which you, revenue wasn't the word that you used, but you, implied that you had to make sure that it was, sustainable. Perhaps that was the word you used. Are you, hoping that people will jump on this project with you, so that the open source side of that is taken care of.

Are you looking for some assistance, some maintainers, some other people to help you with the project? Or is it very much a case of, you are doing it yourself and you want to manage all of the bits and pieces?

[00:35:37] Lovekesh Kumar: I'm, very happy, to welcome more contributors. But, the thing is that being from WordPress ecosystem and, going into too much, methodologies from different ecosystem is a little hard. So the thing is that it's built for WordPress ecosystem, and I have found like very less or very few people that really understands that what I am doing.

So that is like a hard part for me because of the tech stack, the like security layer. Security stack and all that stuff. So if there are folks that really liked this conversation and are interested, just reach me out on WordPress Slack, or, just, maybe on Twitter and just let me know if they are interested.

And also, like a great thing is that. Sorry, I should have covered it in like last question, but I shared it with lot of great folks at WordCamp here, mostly like technical running, like lot of great features and every one of them give like positive feedback. They were very happy about this thing, that at least someone created it.

So I, I am having hard time to find anyone that have given me negative feedback.

[00:36:53] Nathan Wrigley: Oh, that's lovely. That gives you great, building this, which I presume has been a bit of a labour of love and you finally throw it out there into the wild and you got that moment where will it sink or will it swim? You had a very big audience there, there were thousands of people. I dunno how many people you actually got it in front of, but that's really nice to hear that, that you've built something which fellow developers think is credible and useful.

I think really we're

[00:37:18] Lovekesh Kumar: If I may, I have one more thing to share. Talking you, you mentioned about contributors, right? So I am not doing this alone. I have few of my friends that helps me. And also, so when I start building this, I had to read a lot of about supply chain security and all that stuff.

So I came to know about project, which is basically, like CNCF projects for the supply chain security and all this stuff. And I found someone, they are a staff engineer at GitHub, main, mainly handling security things. Name is Frederick. They are helping me a lot, sharing feedback that, how I should approach security things and,

[00:38:07] Nathan Wrigley: nice. Yeah.

[00:38:08] Lovekesh Kumar: Yeah. So maybe they don't hear to this podcast because they are from different

[00:38:11] Nathan Wrigley: That's right there in the GitHub ecosystem. Yeah. Yeah. Maybe.

[00:38:15] Lovekesh Kumar: worth mentioning their name because they have like even a lot of feedback around security

[00:38:20] Nathan Wrigley: Yeah. That's lovely. Thank you for doing that. So I think really we're heading to the 36 minute mark, that's about the sweet spot for this podcast. I will just once more mention the primary URL, probably, if you wanna figure it out, is to go to, let me just find it. I appear to have locked myself out of my browser.

There we go. Wpm. So if you go there, there's several tabs, there's docs, themes, plugin support. They're all in a state of being built at the moment. But perhaps more importantly, there is a white button, which is entitled Join Wait List. So if you, if you wanna be a part of this project, you can enter your email address and as soon as the spot has become available, you will get a reply, an email hopefully.

And, you never know. You might be using this product, in a matter of weeks. So thank you so much for joining me today. Just before we end it, you mentioned that you are available on a couple of places, I think you said X and things like that. Just so that I can put them into the show notes. Do you wanna just mention them in the audio and then I'll make sure that they make it into the show notes as well.

[00:39:29] Lovekesh Kumar: So you can find me at like nearly every social platform with the username thelovekesh. That is T-H-E-L-O-V-E-K-E-S-H.

[00:39:39] Nathan Wrigley: Okay. In which case I'll find a couple of those and I will link to those. So Lovekesh, thank you so much for chatting to me today. I appreciate your handholding in a subject which is definitely above my pay grade. Very best of luck with the project and I hope that this podcast spawns a little bit of interest going in your direction.

Thank you so much for joining me today.

[00:40:00] Lovekesh Kumar: Yeah. Thank you so much, Nathan, for inviting me. Thanks.

[00:40:02] Nathan Wrigley: Okay. That's all we've got time for today. I hope you enjoyed that. Head to wpbuilds.com, search for episode number 4 6 9, and leave us a comment there. We'd really appreciate it.

And whilst I'm at it, why not subscribe? wpbuilds.com/subscribe. All of the different places are there, including our email list and social platforms. And if you'd like to help keep the lights on on the podcast, wpbuilds.com/advertise to find out more.

Okay, I'm gonna fade in some dreadful, cheesy music and say stay safe. You have a good week. Bye-bye for now.

Nathan Wrigley

Nathan writes posts and creates audio about WordPress on WP Builds and WP Tavern. He can also be found in the WP Builds Facebook group, and on Mastodon at wpbuilds.social. Feel free to donate to WP Builds to keep the lights on as well!
