Sign in
Log inSign up

Is our current Open Source model broken?

Fernando Doglio's photo
Fernando Doglio
·Dec 13, 2018

I wrote a piece about the latest issue in the Node.js community, where (in case you haven't read about it yet) a hacker gain access (through social engineering) to the source code of a package and added an attack, potentially stealing crypto currency wallets. You can read about it here: blog.logrocket.com/the-latest-npm-breach-o…

Now, this happened mainly due to the original maintainer not caring about it's creation anymore, but this is not the exception, but rather very common in our industry. Would you say we need to change the way we handle Open Source projects in order to help those developers maintain interest in their projects? I'd love to know what others think about that.