DEV Community

Cover image for Recovering intentionally destroyed open-source repositories
Lars Gyrup Brink Nielsen for The Transient Thoughts of a Restless Mind

Posted on • Updated on

Recovering intentionally destroyed open-source repositories

It happens from time to time that disgruntled open-source maintainers destroy the very work they created.

Recently, the maintainer of two npm packages deleted all commits in their source repositories after announcing that the packages are frozen.

One of the packages has more than 15,000 downloads on npm per month.

Sunsetting your maintainer role

What are good ways to deal with this situation?

  • Reach out for other people to become maintainers but make sure that your project is in good hands
  • Grant the new maintainers ownership of the package registry account your project releases to
  • If all else fails, mark the repository as archived

Deleting all or most commits, files, and branches prevents other from continuing the efforts that you are abandoning.

Options for recovering

If you come across a repository where this happened, look for your own local clone or community forks that are up-to-date with the upstream repository.

From a GitHub pull request, it is possible to navigate to the commit that was last merged even if it has been detached from all branches.

Once you have identified a commit you want to recover, create a new repository to recover to, then enter these commands:

git clone <broken-repo> # for example https://github.com/DisgruntledMaintainer/oss-repo.git
git checkout main
git fetch origin <commit-hash>
git reset --hard FETCH_HEAD
git remote add clone <clone-repo> # for example https://github.com/YourName/oss-repo.git
git push -u clone main
Enter fullscreen mode Exit fullscreen mode

The packages in question have now found a new group of maintainers after I helped recover the source code ❤️ May they all live happily ever after!

Top comments (0)