Open Source Chaos
So last week something pretty unusual took place in the open source world. As reported by bleepingcomputer.com, the engineer behind colors.js and faker.js intentionally pushed sabotaged commits to both libraries, and the resulting releases broke thousands of applications that depended on them.
People who pulled these versions saw gibberish messages printed to their console.
These two are pretty well-known npm libraries that I have personally used quite a few times, so I was astonished when I read the news.
In fact, if you check the faker.js repository you will see a commit named endgame, and the README.md contains just one statement: "What really happened with Aaron Swartz?"
# The left-pad library
This reminded me of the left-pad npm package incident back in 2016. Its author decided to remove the library from the npm registry for personal reasons, and this caused chaos across the web ecosystem, since tons of applications relied on it despite its tiny size: 11 lines of code, to be precise.
"I think I have the right of deleting all my stuff", the author wrote on March 20 in an email that was later made public.
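Both incidents above came down to the same mechanism: a dependency declared with a floating range such as `^1.4.0` lets a fresh `npm install` without a lockfile resolve to whatever the maintainer publishes (or unpublishes) next. The following Node script is an added example written for this post; it is not code from the original article nor from colors.js, faker.js or left-pad, and the package names (`acme-*`) and version numbers in it are constructed and illustrative, not the real release history of any package. It implements the caret, tilde and exact range rules that npm writes by default and reports which declared dependencies would accept a newly published version:

```javascript
// Added example (not from the original post): flag dependencies whose
// declared version range would silently accept a newly published release.
// Package names and version numbers below are constructed for illustration.

// Parse "MAJOR.MINOR.PATCH" into numbers; returns null for anything else
// (pre-release tags, build metadata and partial versions are out of scope,
// so they are treated as "does not match" rather than guessed at).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) return null;
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

// Lexicographic compare on (major, minor, patch): -1, 0 or 1.
function compareVersions(a, b) {
  for (const k of ["major", "minor", "patch"]) {
    if (a[k] !== b[k]) return a[k] < b[k] ? -1 : 1;
  }
  return 0;
}

// Minimal semver range check covering the forms npm writes by default:
//   "1.4.0"   exact pin
//   "^1.4.0"  same major (>=1.4.0 <2.0.0); for 0.x, same minor (^0.2.1 -> <0.3.0);
//             ^0.0.x pins exactly
//   "~1.4.0"  same major.minor (>=1.4.0 <1.5.0)
//   "*" / "latest" / ""  anything
function satisfies(version, range) {
  const v = parseVersion(version);
  if (!v) return false;
  const r = range.trim();
  if (r === "" || r === "*" || r === "latest") return true;
  const op = r[0] === "^" || r[0] === "~" ? r[0] : "";
  const base = parseVersion(op ? r.slice(1) : r);
  if (!base) return false;
  if (compareVersions(v, base) < 0) return false;
  if (op === "") return compareVersions(v, base) === 0;
  if (op === "~") return v.major === base.major && v.minor === base.minor;
  if (base.major > 0) return v.major === base.major;
  if (base.minor > 0) return v.major === 0 && v.minor === base.minor;
  return compareVersions(v, base) === 0;
}

// For each dependency, list the newly published versions that a fresh
// `npm install` without a lockfile would accept under the declared range.
function findFloating(dependencies, published) {
  const exposed = [];
  for (const [name, range] of Object.entries(dependencies)) {
    const pulls = (published[name] || []).filter((v) => satisfies(v, range));
    if (pulls.length > 0) exposed.push({ name, range, pulls });
  }
  return exposed;
}

// Human-readable report lines, one per exposed dependency.
function report(dependencies, published) {
  return findFloating(dependencies, published).map(
    (e) => `${e.name}@${e.range} would pull ${e.pulls.join(", ")}`
  );
}

// Constructed sample input: a package.json "dependencies" block ...
const sampleDependencies = {
  "acme-colors": "^1.4.0",   // caret range: any 1.x.y >= 1.4.0 is accepted
  "acme-faker": "~5.5.0",    // tilde range: 5.5.x only
  "acme-left-pad": "1.3.0",  // exact pin: nothing new is accepted
  "acme-util": "*",          // anything
};

// ... and constructed "newly published" versions for those packages.
const samplePublished = {
  "acme-colors": ["1.4.1", "2.0.0"],
  "acme-faker": ["5.5.3", "5.6.0"],
  "acme-left-pad": ["1.3.1"],
  "acme-util": ["4.17.21"],
};

console.log(report(sampleDependencies, samplePublished).join("\n"));
```

Running it with `node` prints the three dependencies that would float to a new release; only the exactly pinned one stays put. The practical defence this points at is to commit `package-lock.json` and install with `npm ci`, which installs exactly what the lockfile records instead of re-resolving ranges. A lockfile does not help with the left-pad failure mode, though: a version that has been unpublished cannot be fetched however precisely it is pinned, which is why that incident led npm to restrict unpublishing.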
# Community reactions
As expected, the tech world was pretty astonished by these latest developments. On the one hand, some people publicly voiced their disagreement; on the other, people tried to come up with proposals and ideas, also pointing out how important the decentralization of open source software is.
# Some personal thoughts
My two cents on this really important topic: we have all gained huge benefits from getting involved with open source software over the years.
In fact, lots of hiring organizations tend to look at an engineer's open source activity far more than at the CV itself, which speaks volumes about how seriously the tech world takes involvement with OS software. Open source definitely opens doors, and that is a fact.
That said, everyone involved, whether as library users or as authors, has something to gain from dealing with OS software nowadays. Companies certainly make huge profits by using it, but things are totally different compared with five years ago.
The big change is that lots of them have started giving back to the open source community to keep the engine running. This is why many important projects, NuxtJS among them, have started raising funds so that the people behind the curtain can work on them full-time.
Apart from that, we see more and more Patreon sponsors supporting various projects. All this shows that the mindset has shifted compared with a couple of years ago, with more organizations and well-established people trying to give back and support the OS ecosystem.
It is also important to mention that quite a few great libraries are developed and maintained by tech giants, like ReactJS, which is open-sourced by Facebook, so we can all look deep inside or even use it to build the next multi-million web application ourselves.
In short, we live in an era where open source software blossoms and the tech world tries to support all these tireless efforts no matter what.
For sure, some great projects are discontinued or have the torch passed to other people, and this makes the idea of decentralization quite attractive, since tons of applications may rely on them.
All this is something we need to consider carefully, so that we work out what should happen when the author of a library chooses to step down, which can happen for various reasons, as we saw above.
Decentralizing how OS software is managed and maintained might be a great idea, since it would ensure that all these great libraries keep breathing no matter what.
Unfortunately, if we don't establish such a mechanism, trust and faith in OS software can be seriously damaged, and that is something nobody in the tech world actually wants. Cheers!!