The article “Open Source is one person” by Josh Bressers explores a startling truth about the open source ecosystem: most open source projects are maintained by just one person.
🧩 Key Takeaways:
- Scale of Solo Maintenance: Out of 11.8 million projects tracked by ecosyste.ms, around 7 million are maintained by a single individual. Many of the remaining projects lack maintainer data, suggesting the true number is even higher.
- Popular ≠ Well-Resourced: Even among the most downloaded NPM packages (over 1 million downloads/month), nearly half are maintained by just one person. This trend persists across ecosystems.
- Security & Risk: The real supply chain risk isn’t where a maintainer lives—it’s that they’re often underpaid, overworked, and unsupported. Demonizing developers based on nationality (as seen in a recent Register article) misses the point entirely.
- Call to Action: Instead of scapegoating individual maintainers, the community should focus on supporting them. The author admits there’s no easy fix, but emphasizes that vilifying solo contributors is not the answer.
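The solo-maintainer figures above come from counting maintainer accounts per package. The same check can be run against a project's own dependency tree, because the npm registry's package document (the "packument" at `https://registry.npmjs.org/<name>`) carries a top-level `maintainers` array of `{ name, email }` objects. The script below is an added example written for this summary, not code from the original post or from the ecosyste.ms data pipeline; the lock file, package names and packuments in it are constructed so that it runs offline, and a real audit would fetch each packument from the registry instead.

```javascript
// Added example: flag "bus factor one" packages in a dependency set.
// Everything here is constructed sample data; in practice the packuments
// would be fetched from https://registry.npmjs.org/<name>.

// Constructed package-lock.json in the lockfileVersion 3 layout, where
// "packages" is keyed by install path and "" is the project itself.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-shape": { version: "1.2.3" },
    "node_modules/@acme/tiny-util": { version: "0.4.0" },
    "node_modules/big-framework": { version: "5.0.1" },
    "node_modules/big-framework/node_modules/left-shape": { version: "0.9.0" },
    "node_modules/orphaned-lib": { version: "2.0.0" },
  },
};

// Constructed registry packuments, trimmed to the fields this script reads.
// Package and maintainer names are fictional.
const SAMPLE_PACKUMENTS = {
  "left-shape": {
    name: "left-shape",
    maintainers: [{ name: "solo-dev", email: "solo@example.invalid" }],
  },
  "@acme/tiny-util": {
    name: "@acme/tiny-util",
    // Same account listed twice with different e-mails: still one person.
    maintainers: [
      { name: "solo-dev", email: "solo@example.invalid" },
      { name: "solo-dev", email: "other@example.invalid" },
    ],
  },
  "big-framework": {
    name: "big-framework",
    maintainers: [{ name: "alice" }, { name: "bob" }, { name: "carol" }],
  },
  // No maintainers field at all: the "missing maintainer data" case.
  "orphaned-lib": { name: "orphaned-lib" },
};

// Unique package names from the lock file's install paths, so a package
// installed at several nesting levels is counted once.
// "node_modules/a/node_modules/@s/b" -> "@s/b"
function dependencyNames(lock) {
  const names = new Set();
  for (const path of Object.keys(lock.packages || {})) {
    if (path === "") continue;
    const parts = path.split("node_modules/");
    const leaf = parts[parts.length - 1].replace(/\/$/, "");
    if (leaf) names.add(leaf);
  }
  return [...names].sort();
}

// Distinct maintainer accounts on a packument, or null when the record
// carries no maintainer data at all (distinct from a record with zero).
function maintainerCount(packument) {
  if (!packument || !Array.isArray(packument.maintainers)) return null;
  const names = new Set(
    packument.maintainers
      .map((m) => (m && typeof m.name === "string" ? m.name.trim() : ""))
      .filter(Boolean)
  );
  return names.size;
}

// Bucket every dependency as single (exactly one maintainer), multi, or
// unknown (no usable maintainer data). Unknowns are kept visible rather than
// silently dropped, because missing data tends to hide solo projects.
function classifyDependencies(lock, packuments) {
  const report = { single: [], multi: [], unknown: [] };
  for (const name of dependencyNames(lock)) {
    const count = maintainerCount(packuments[name]);
    if (count === null || count === 0) report.unknown.push(name);
    else if (count === 1) report.single.push(name);
    else report.multi.push(name);
  }
  return report;
}

// Share of packages with a known maintainer count that have exactly one.
function singleMaintainerShare(report) {
  const known = report.single.length + report.multi.length;
  return known === 0 ? 0 : report.single.length / known;
}

function demo() {
  const report = classifyDependencies(SAMPLE_LOCK, SAMPLE_PACKUMENTS);
  console.log("single-maintainer: ", report.single.join(", ") || "(none)");
  console.log("multi-maintainer:  ", report.multi.join(", ") || "(none)");
  console.log("no maintainer data:", report.unknown.join(", ") || "(none)");
  const pct = (singleMaintainerShare(report) * 100).toFixed(0);
  console.log(`share of known packages with one maintainer: ${pct}%`);
}

demo();
```

The share excludes packages without maintainer data from the denominator but lists them separately; a registry record with no maintainers is a data gap, not evidence that the package is well staffed, which is the same caveat the article raises about the ecosyste.ms numbers.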
💡 Final Thought:
Open source powers the digital world—Harvard estimates its economic value at $8.8 trillion. Yet, much of it rests on the shoulders of individuals working alone. That’s the real vulnerability.