It happens from time to time that disgruntled open-source maintainers destroy the very work they created.
Recently, the maintainer of two npm packages deleted all commits in their source repositories after announcing that the packages are frozen.
One of the packages has more than 15,000 downloads on npm per month.
Sunsetting your maintainer role
What are good ways to deal with this situation?
- Reach out for other people to become maintainers but make sure that your project is in good hands
- Grant the new maintainers ownership of the package registry account your project releases to
- If all else fails, mark the repository as archived
Deleting all or most commits, files, and branches prevents other from continuing the efforts that you are abandoning.
Options for recovering
If you come across a repository where this happened, look for your own local clone or community forks that are up-to-date with the upstream repository.
From a GitHub pull request, it is possible to navigate to the commit that was last merged even if it has been detached from all branches.
Once you have identified a commit you want to recover, create a new repository to recover to, then enter these commands:
git clone <broken-repo> # for example https://github.com/DisgruntledMaintainer/oss-repo.git git checkout main git fetch origin <commit-hash> git reset --hard FETCH_HEAD git remote add clone <clone-repo> # for example https://github.com/YourName/oss-repo.git git push -u clone main
The packages in question have now found a new group of maintainers after I helped recover the source code ❤️ May they all live happily ever after!
Top comments (0)