Blog

The Double-Edged Sword of Open Source

I really do love open source. I love being able to build software that I know people will be able to make great use of. I love that we can extend already existing open source software, and I love that we’re able to put licenses on our code and explain where and how it can be used.

But open source is a truly double-edged sword. There are countless stories on Twitter of people explaining how they were taken advantage of, or how they lack the resources to keep maintaining a project.

The Faker.js Controversy

Recently, a library called faker.js was nuked by its author in an attempt to make a “political” point. Wildly unsuccessful and, in my opinion, extremely immature. However, the community responded quickly and forked the project into @faker-js/faker. This allowed developers to easily switch their projects to use a 100% API-compatible, up-to-date, and community-managed version of the library. The original author, Marak Squires, ultimately deleted the original repo. To make matters worse, Squires also placed malicious code in another of his projects, colors.js, which caused an infinite loop in victims’ systems.

But why did this happen? Thanks to the wonderful archive.org, we can see old and deleted posts explaining Marak’s frustrations. This is a common sentiment within the open source community. Famously, Marak wrote “No more free work” and elaborated on his frustration in lengthy posts.

The Open Source Dilemma

Okay, so he’s frustrated with people taking open source for granted. What’s the solution? Companies like OpenCollective and GitHub are taking the initiative to provide a direct, low-fee method of sponsoring open source projects. Big companies like Discord, Stripe, and Microsoft have sponsored small and large projects, often getting their name featured in the README as a thank you. While we’re not completely there yet, we’re moving in the right direction.

The Motion Monetization Model

An interesting twist in the open source debate came with a JavaScript library called Motion. It stirred the community with its unique monetization strategy. The library exists on npm and can be installed like any other Node module, but there is no GitHub URL for the package. Instead, the README on npm states:

Become a sponsor and get access to the private Motion One repo. File issues, read the changelog and source code, and join discussions that help shape the future of the API.

Essentially, you can use the module and read its documentation for free, but accessing the source code requires a paid subscription. This model provides valid incentives for companies, such as auditing the codebase for security or understanding the implementation to learn from it.

The Downsides

However, this raises questions. One of the great benefits of traditional open source is the ability for anyone to freely learn how something works. Can we even call Motion an open source project? Additionally, many individual developers, especially students or those just starting out, may not have the financial means to support projects. These are the very people we want to educate about programming, so cutting them off isn’t a win.

Fastify’s Advertising Success

Another example of open source challenges is Fastify. Its creator, Matteo Collina, is active on Twitter and has shared the struggles of maintaining and growing the project. One key factor in Fastify’s success has been advertising. By promoting the project, Fastify has stayed mainstream, attracted more users, and ultimately secured sponsorships. Matteo has explained that without this effort, Fastify might not have been maintained as well—or at all. Currently, Fastify has two core maintainers and a core team of 16 contributors.

Room for Innovation

There’s plenty of room for innovation in the open source space. I’m excited to see where initiatives like GitHub Sponsors and OpenCollective lead us. With more large tech companies spreading the word about open source, the future looks bright.

Thanks for reading!