
Open Source Friday with Jordan Harband and NPM

24 Mar 2024

Duolingo

  • GitHub Copilot increased Duolingo's productivity by 25% and improved the learner experience.
  • GitHub is essential to Duolingo's engineering and helps create a better experience for learners.

Open Source Friday

  • Open Source Friday discusses package dependencies and their impact on projects.
  • Jordan Harband, a principal open-source architect at HeroDevs, shares his experience in open source.
  • HeroDevs provides long-term support for end-of-life open-source software, ensuring security and stability for users.
  • HeroDevs partners with maintainers and contributes financially to open-source projects, supporting the ecosystem and allowing maintainers to focus on development.

Maintaining Open-Source Software

  • Jordan Harband's journey in open source began with small contributions and gradually led to maintaining impactful packages.
  • Maintaining JavaScript shims led to involvement in the TC39 standards committee.
  • The speaker expresses concern about the wide reach of their code and the potential impact of breaking changes, emphasizing backward compatibility and semantic versioning.
  • Jordan highlights the potential unintended consequences of moving fast and breaking things, citing the example of a social network's motto potentially contributing to the erosion of democracy.
  • The speaker advocates for a cautious approach, emphasizing the importance of considering the impact on users and the responsibility that comes with maintaining widely used software.
  • Breaking changes in popular packages can have significant consequences for users, especially if they are widely used transitively.
  • Maintainers of popular packages face difficult choices when making breaking changes, as they may have to choose between supporting older versions or leaving users vulnerable to security risks.
  • It is important for maintainers to minimize breaking changes and to provide users with ample time to upgrade before forcing them to do so.
  • Backporting security fixes to older versions can help to mitigate the risks associated with breaking changes.
  • Encouraging financial contributions to open-source projects can help to support maintainers and allow them to spend more time on maintaining their projects.
  • Maintainers should avoid finding themselves in scenarios where they have to make difficult choices about breaking changes by minimizing breaking changes and providing users with ample time to upgrade.
  • The speaker discusses the challenges of maintaining open-source software and the importance of making breaking changes at the right time.
  • Encouraging users to adopt new versions of software can be difficult, especially when there is no clear benefit or incentive.
  • Two-factor authentication can be an effective way to protect packages from being compromised, but it can also limit adoption.
  • When making breaking changes, it is important to make it as easy as possible for users to upgrade.

Supporting Open-Source Software

  • Developers can set up their projects for success by using packages from a registry, writing thorough tests, and using linting and type systems.
  • Companies should encourage their employees to participate in the sustainability of open-source software by contributing financially and otherwise.
  • Open-source software maintainers need financial support to continue their work.
  • GitHub Sponsors, Tidelift, and Open Collective are platforms that allow individuals and organizations to sponsor open-source projects.
  • It is important for companies to actively participate in the open-source ecosystem by financially supporting the projects they depend on.
  • Contributors can support open-source projects by contributing code, documentation, or money.
  • HeroDevs recently partnered with Bootstrap to support versions 3 and 4.
  • Developers should keep their dependencies updated using tools like Renovate or Dependabot.
  • Employers should sponsor open-source projects instead of individuals.
  • Maintainers appreciate any amount of financial support, even small donations.
