13 votes

What happens when the maintainer of a JavaScript library downloaded 26 million times a week goes to prison

4 comments

  1. Akir
    As much as it seems to have gotten a bad rap lately, problems like these are why I think that JavaScript needs its own version of a standard library. IMHO when it comes to these mega-popular packages, the npm model of software development takes the efforts that would normally be taken care of by the most involved people and makes it so that every developer has to constantly evaluate the quality and usability of each module. Perhaps I am a bit too old-fashioned, but it terrifies me that usage statistics have replaced code review as a method of determining the quality of a software package.

    5 votes
  2. ThatFanficGuy
    That's a hell of a story.

    You can see Denis mention "stupid law" in regards to how Russia has apparently mistreated him... after he killed a person with his bike. I saw this quoted in one of the earlier posts in the GitHub thread regarding the fate of the project, but I'm tired, so pardon me for not going out to look for it now.

    I feel like this is something GitHub might consider pulling a "special circumstances" for. Like the article says, it's not a library in urgent need of fixing – but if it suddenly disappears like left-pad did, lots of projects are going to break suddenly and for a lot of people.

    2 votes
    1. entangledamplitude
      I don’t see why Github needs to do anything. I feel that anything they do can only set complicated precedents.

      The answer is simple. It’s an open source repository with a stated license. Fork it, and do what you want. Those who want to switch to the new one can do so. At most, a community decision could be made at the NPM level. I don’t think GitHub has any role to play in this matter — it would only be unnecessary interference.

      3 votes
    2. Comment deleted by author
      1. ThatFanficGuy
        "If the maintainer(s) are unresponsive for x amount of time, you have the right to such and such."

        This sounds like a good idea in principle. Kinks to work out as always with new things, but sounds like a sane and reasonable thing to do.

        My question is: how do you facilitate that on an "owner" level? How do you transfer rights? How do you indicate that the transfer was legit (and not just someone taking advantage of confusion)?

        This is not for you alone to decide, of course. We're talking about open source: the community must be able to chime in.

        1 vote