Everyone here has different thoughts on Open Source. It's a topic widely discussed among developers, and it causes a lot of friction. Just recently we faced another major security incident in a popular npm package. It happened because the original author of the free and open source package was no longer interested in maintaining it and handed it over to someone who had asked to take it on. That person published a few well-intended updates and then finally introduced a malicious script that steals from specific Bitcoin wallets on a user's device. The incident shows the problem with Open Source very well: we put our trust in people we don't know at all. We depend on them and their packages, and we cannot properly monitor everything. We build whole companies on top of an experiment by someone who gets nothing out of it (except maybe some fame, and even that is rare). The problem is that we all love open source, whether we write it ourselves or use it, but we're not keen on supporting the people writing it. We use the resources but don't care whether the authors can still make a living, while we charge our clients money for work built on these free sources.

We shouldn't be angry at them; we should show empathy when an accident like a security issue happens. We should support the people who caused the problem rather than blame them. If we rely on the tools, we should give the maintainers some money and show them that we honour their work. If you can't put in some money, maybe write them a note saying that you like what they do and value it. Let's change our perspective on open source tools: who drives them and who benefits from them. And next time you build a project, keep that in mind. Keep in mind that you don't know whether these dependencies are trustworthy or not. Keep in mind that not all updates will be fine: some will introduce bugs or security vulnerabilities, or even carry malware. Make sure that when this happens it doesn't hurt you so badly that you lose money over it.
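One concrete way to act on that last point, for npm projects specifically, is to stop letting the package manager pick a new version for you. The script below is an added example (not code from the original post) that inspects a project's package.json and package-lock.json for the things that let a surprise update slip in unnoticed: lockfile entries without an integrity hash, entries fetched from somewhere other than the public registry, and version ranges in package.json that permit automatic upgrades. The package names, the sample lockfile and the https://example.invalid mirror URL are all constructed for illustration.

```javascript
// Added example: a lockfile sanity check for npm projects (not from the original post).
// It flags three things that make a silently-swapped dependency harder to notice:
//   1. entries in package-lock.json without an "integrity" hash,
//   2. entries resolved from somewhere other than the public npm registry,
//   3. version specifiers in package.json that are not exact pins.
// Sample inputs and package names below are constructed for illustration.

const REGISTRY = "https://registry.npmjs.org/";

// Walks the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Returns one finding object per problem found.
function auditLockfile(lock) {
  const findings = [];
  const packages = lock.packages || {};
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "") continue;   // "" is the root project itself, nothing is fetched for it
    if (entry.link) continue;    // workspace symlink, also nothing fetched
    const name = path.replace(/^.*node_modules\//, "");
    if (!entry.integrity) {
      findings.push({ name, issue: "missing-integrity" });
    }
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) {
      findings.push({ name, issue: "non-registry-source", detail: entry.resolved });
    }
  }
  return findings;
}

// Flags specifiers that are not an exact version, e.g. "^1.2.3", "~1.2.3", "*", "latest".
// With an exact pin, a new release only reaches you when someone deliberately bumps it.
function unpinnedDependencies(pkgJson) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  const out = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkgJson[field] || {})) {
      if (!exact.test(spec)) out.push({ name, spec });
    }
  }
  return out;
}

// Constructed sample project: one caret range, one exact pin, one "latest".
const SAMPLE_PACKAGE_JSON = {
  dependencies: { "left-pad-ish": "^1.0.0", "tiny-logger": "2.3.1" },
  devDependencies: { "some-test-tool": "latest" },
};

// Constructed sample lockfile matching the package.json above.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: SAMPLE_PACKAGE_JSON.dependencies },
    "node_modules/left-pad-ish": {
      version: "1.4.0",
      resolved: "https://registry.npmjs.org/left-pad-ish/-/left-pad-ish-1.4.0.tgz",
      integrity: "sha512-AAAAconstructedhash",
    },
    "node_modules/tiny-logger": {
      version: "2.3.1",
      resolved: "https://registry.npmjs.org/tiny-logger/-/tiny-logger-2.3.1.tgz",
      // integrity deliberately absent: npm would accept any tarball here
    },
    "node_modules/some-test-tool": {
      version: "0.9.0",
      resolved: "https://example.invalid/mirror/some-test-tool-0.9.0.tgz",
      integrity: "sha512-BBBBconstructedhash",
    },
  },
};

// Runs both checks; defaults to the constructed samples so it works offline.
function runChecks(lock = SAMPLE_LOCKFILE, pkgJson = SAMPLE_PACKAGE_JSON) {
  return { lock: auditLockfile(lock), unpinned: unpinnedDependencies(pkgJson) };
}

// Runs the checks against a real project directory on disk.
function checkProjectDir(dir) {
  const fs = require("fs");
  const path = require("path");
  const read = (f) => JSON.parse(fs.readFileSync(path.join(dir, f), "utf8"));
  return runChecks(read("package-lock.json"), read("package.json"));
}

if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  const result = process.argv[2] ? checkProjectDir(process.argv[2]) : runChecks();
  for (const f of result.lock) {
    console.log(`lock: ${f.name}: ${f.issue}${f.detail ? " (" + f.detail + ")" : ""}`);
  }
  for (const u of result.unpinned) {
    console.log(`package.json: ${u.name} is not pinned (${u.spec})`);
  }
}
```

Run it with `node check-lock.js .` against a project to see the report; with no argument it runs on the constructed samples. Two caveats worth stating plainly: the check only pays off if installs use the lockfile (`npm ci` rather than a bare `npm install`), and it does not detect a malicious version that was published to the registry normally, which is exactly what happened in the incident described above. Pinning buys you time to review a release before it reaches you; it does not review it for you.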
