←back to thread

Open Source is one person

(opensourcesecurity.io)
433 points LawnGnome | 3 comments | 28 Aug 25 01:54 UTC | HN request time: 0.001s | source
1. ivanjermakov ◴[28 Aug 25 16:27 UTC] No.45054096[source]
Too bad the notion of completed/finished/done software is very weak. In theory, there it nothing wrong with an OSS project made by one person.

I would like to see the LOC these one-person projects with >1M downloads have. I suspect most of these are a simple Node/browser/OS API single-file wrappers that are simple to get right and treat it as complete.

At the same time such projects are easy to verify upon adding as dependency. Lately, I've just copy-pasted relevant parts of a library to my project because adding it as a dependency has a cost. I doubt this is a common practice though, especially in NPM land.

replies(2): >>45057980 #>>45074853 #
2. tracker1 ◴[28 Aug 25 22:58 UTC] No.45057980[source]
I think it can go both ways... I've definitely copied code into a project more than once. I've also directly written the following line of code into a lot of places, just because of import overhead and convenience when needed.

    const sleep = (ms) => new Promise(r => setTimeout(r, ms));
I also with push for just straight SVG with JSX instead of the massive charting libraries everyone seems to bring in... similar when I seem moment.js ... I don't know why more people don't generate/refer to the resource usage outputs. If anything comes close to the base React or MUI libraries, it gets yanked if at all possible. Or at LEAST load it async and only where necessary.
3. sgbeal ◴[30 Aug 25 14:12 UTC] No.45074853[source]
> Too bad the notion of completed/finished/done software is very weak.

FWLIW, this simple definition suffices for me: software is complete insofar as it requires no changes to do what its maintainers would like to do with it at the current point in time.

"Complete" software frequently changes to "incomplete" as the desires of the maintainer(s) change(s), and may just as quickly revert to "complete" as changes are made.

This definition does not consider the desires of non-maintainers because there's _always_ at least one such person who wants a given pieces of software to do their one weird thing (which the maintainer(s) will not ever add).