Open-Source Has a Problem

Would you work for free? What about for "exposure?" Of course, your answer may vary greatly depending on context. I'll gladly volunteer my time to do architectural photography for a local nonprofit group trying to get a building on the National Historic Register, but I would feel less generous if my employer asked me to design a new customer management system in my spare time. The difference, of course, is intent—the nonprofit group is doing something to benefit all community members, present and future, while my employer is trying to maximize profits. What happens when this dynamic presents itself in the open-source software community?

The core-js library is the most widely used JavaScript library, providing hundreds of polyfill modules to extend the functionality of the standard JavaScript library significantly. While you may not have heard of it, many of the largest technology-forward companies, including LinkedIn, Netflix, Apple, eBay, and Spotify, use the library. This website uses core-js. Neither I nor any of the companies mentioned above paid for core-js; it's an open-source library available for download on GitHub. You may not realize that this library is maintained primarily by a single developer. What if I told you that this developer only makes $57 per month on this library, despite its use by Fortune 500 companies collectively worth billions?

So, What's Next?

Last week, an intriguing commit appeared in the core-js GitHub repository containing a markdown file named 2023-02-14-so-whats-next.md. Looking at the title, I expected a development roadmap for the following year. Instead, I was greeted with an open letter to the community expressing feelings of frustration and despair. Maintenance requirements for this library are growing, along with entitled demands for additional features. It's tempting to write this off as a single cranky and overworked developer until you realize this scenario has played itself out dozens of times over the years. In 2013, Marak Squires, developer of the 'colors' and 'faker' libraries, purposefully corrupted the libraries in protest of "support[ing] Fortune 500s (and other smaller sized companies) with my free work." There are countless examples of similar scandals, pointing to a systemic problem in the open source community. Companies don't blink an eye at the cost of most enterprise software. Even moderately sized companies often spend over one million dollars yearly for a single piece of software, yet never consider a modest contribution to a free software stack crucial to their success.

It's About Respect

Financial pressures aren't the only problem. Maintaining good open-source code is difficult. Maintainers must wade through mountains of pull requests (if they're lucky enough to have contributors) and review the code for quality. Rejected pull requests are often a source of friction among project contributors, but most pressure comes from users. Maintainers are placed under extraordinary pressure and routinely barraged with rude complaints from angry users and pointed questions from companies when bugs appear. As it turns out, providing software free of charge and without warranty doesn't prevent people from feeling entitled when something goes wrong.

Modern software is mindbogglingly complex. Every developer today stands atop the shoulders of developers that came before them; it's nearly impossible to develop a piece of software to modern expectations entirely from scratch. I might write several thousand lines of code for an application, but I may have imported dependencies and frameworks containing several tens of thousands of lines of code that I don't have the time (and may not even have the skill) to rewrite. Libraries like core-js are essential pieces of digital infrastructure, and finding solutions to these systemic issues is crucial to maintaining resilient software.