Dumb Ways for an Open Source Project to Die

a day ago
  • #Software Maintenance
  • #Open Source Sustainability
  • #Dependency Management
  • Ghost maintainer: Repo shows no recent human activity, issues unanswered, maintainer may have moved on or died, indistinguishable from temporary absence.
  • Corporate orphan: Company-built project abandoned after team disbanded, no updated README, admin rights lost, common in large companies.
  • Thesis orphan: Academic project abandoned after graduation, lab ownership lacks context, no incentives for maintenance despite ongoing citations.
  • Funding cliff: Project halted after grant/sponsorship ended, maintainers revert to other work, reduced capacity renders project inactive.
  • Hired away: Maintainer joins company (e.g., Apple) with restrictions, outside work stops, handover rarely happens in time.
  • Succession deadlock: Unreachable maintainer, willing successors lack access, registry disputes lengthy, forking often quicker.
  • Burnout plateau: Maintainer active for minor fixes but lacks energy for major decisions, project stalls indefinitely.
  • Benevolent zombie: Automated commits (bots) maintain activity, health scores misleading, no human oversight.
  • Custody battle: Co-maintainers in conflict block each other, project frozen, may split or stagnate.
  • Tribal knowledge gone: Code functional but undocumented, fear of breaking changes leads to read-only status.
  • Toxic gatekeeping: Hostile maintainer drives away contributors, low bus factor, eventual ghost-maintainer outcome.
  • Captured maintainer: Hostile actor gains access (e.g., xz, event-stream), backdoors code, project appears healthy.
  • Protestware: Maintainer deliberately breaks package (e.g., colors, left-pad), motivations vary, downstream impact severe.
  • Maintained-not-shipping: Development continues but release pipeline broken (e.g., lost 2FA), fixes unseen in registry.
  • Unreleasable main: Branch diverged from last tag, release risky, gap widens over time.
  • Build archaeology: Build environment irreproducible due to lost CI/tools, new releases hindered.
  • Shadow-maintained: Real development in private repo, public syncs ignore issues, mimics ghost maintainer.
  • Stranded major: Active version differs from widely used older version, ecosystem fragmentation.
  • Registry orphan: Package exists but source repo missing (404), about 1.7% of npm affected, no issue tracking.
  • Sanctions-stranded: Maintainer blocked by registry sanctions/frozen account, appears as ghost maintainer.
  • Takedown casualty: Package removed via DMCA/trademark claim (e.g., youtube-dl), may not return.
  • Platform-stranded: Tied to deprecated runtime (e.g., Python 2), porting effort too high.
  • Transitive death: Project killed by dead dependency in tree, inherits inactivity.
  • API rug-pull: External service/API withdrawn (e.g., Twitter/Reddit changes), wrapper projects die.
  • Superseded: Functionality now native (e.g., object-assign), maintainer stops, lockfiles keep installing.
  • Fork limbo: Project split, no clear winner (e.g., io.js/Node), downstream freezes on original.
  • Licence rug-pull aftermath: Relicensed to non-open source, community fork exists but adoption slow (e.g., Terraform/OpenTofu).
  • Open-core hollowing: Development shifts to commercial edition, open source version becomes minimal free tier.
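
The "Benevolent zombie" and "Ghost maintainer" entries above can be told apart by dating the last human commit separately from the last commit of any kind. This is an added example, not from the original article; it assumes GitHub-style `[bot]` author names, a 365-day staleness threshold, and input in `git log --format='%an|%ae|%aI'` form, and the sample log is constructed.

```python
from datetime import datetime, timezone

# Assumption: bot accounts carry "[bot]" in the author name or email
# (GitHub App convention). Extend this tuple for other forges or service accounts.
BOT_MARKERS = ("[bot]",)

# Constructed sample, in `git log --format='%an|%ae|%aI'` form (not real project data).
SAMPLE_LOG = """\
dependabot[bot]|dependabot@bots.example.invalid|2024-05-28T06:00:00+00:00
renovate[bot]|renovate@bots.example.invalid|2024-05-20T06:00:00+00:00
github-actions[bot]|actions@bots.example.invalid|2024-05-01T00:00:00+00:00
Alex Example|alex@example.org|2022-11-03T14:12:00+00:00
Alex Example|alex@example.org|2022-10-30T09:41:00+00:00
"""


def is_bot(name, email):
    """Heuristic only: a human can automate commits under a personal account."""
    return any(m in name.lower() or m in email.lower() for m in BOT_MARKERS)


def parse_log(text):
    """Yield (name, email, datetime) per non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # The date is last and the email second to last, so split from the right.
        name, email, stamp = line.rsplit("|", 2)
        yield name, email, datetime.fromisoformat(stamp)


def assess(text, now, stale_days=365):
    """Label a repo using the page's terms, from commit history alone."""
    commits = list(parse_log(text))
    if not commits:
        return {"status": "no-history", "any_age_days": None, "human_age_days": None}
    any_age = (now - max(dt for _, _, dt in commits)).days
    humans = [dt for n, e, dt in commits if not is_bot(n, e)]
    human_age = (now - max(humans)).days if humans else None
    if any_age > stale_days:
        status = "ghost-maintainer"      # nothing recent from anyone
    elif human_age is None or human_age > stale_days:
        status = "benevolent-zombie"     # recent commits, but only from bots
    else:
        status = "human-active"
    return {"status": status, "any_age_days": any_age, "human_age_days": human_age}


if __name__ == "__main__":
    print(assess(SAMPLE_LOG, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

A "human-active" result says nothing about who that human is, so it does not rule out the "Captured maintainer" case.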