Open Source is one person

(opensourcesecurity.io)
433 points LawnGnome | 1 comments
aniviacat No.45050701
> So while NPM has over 4 million single person projects, they have about 900,000 maintainers for those 4 million single person projects. This will be an important data point at the end.

Am I missing something or was it not, in fact, an important data point at the end?

1. gamerdonkey No.45057087
I didn't see it explicitly stated, but I think it supports the "overworked" part of this statement:

> Open source, the thing that drives the world, the thing Harvard says has an economic value of 8.8 trillion dollars (also a big number). Most of it is one person. And I can promise you not one of those single person projects have the proper amount of resources they need. If you want to talk about possible risks to your supply chain, a single maintainer that’s grossly underpaid and overworked. That’s the risk. The country they are from is irrelevant.