←back to thread

Open Source is one person

(opensourcesecurity.io)
433 points LawnGnome | 1 comments | 28 Aug 25 01:54 UTC | HN request time: 0.201s | source
Show context
ivanjermakov ◴[28 Aug 25 16:27 UTC] No.45054096[source]
Too bad the notion of completed/finished/done software is very weak. In theory, there it nothing wrong with an OSS project made by one person.

I would like to see the LOC these one-person projects with >1M downloads have. I suspect most of these are a simple Node/browser/OS API single-file wrappers that are simple to get right and treat it as complete.

At the same time such projects are easy to verify upon adding as dependency. Lately, I've just copy-pasted relevant parts of a library to my project because adding it as a dependency has a cost. I doubt this is a common practice though, especially in NPM land.

replies(2): >>45057980 #>>45074853 #
1. tracker1 ◴[28 Aug 25 22:58 UTC] No.45057980[source]
I think it can go both ways... I've definitely copied code into a project more than once. I've also directly written the following line of code into a lot of places, just because of import overhead and convenience when needed.

    const sleep = (ms) => new Promise(r => setTimeout(r, ms));
I also with push for just straight SVG with JSX instead of the massive charting libraries everyone seems to bring in... similar when I seem moment.js ... I don't know why more people don't generate/refer to the resource usage outputs. If anything comes close to the base React or MUI libraries, it gets yanked if at all possible. Or at LEAST load it async and only where necessary.