Open Source Friday with Jordan Harband and NPM

24 Mar 2024

Duolingo

  • GitHub Copilot increased Duolingo's productivity by 25% and improved the learner experience.
  • GitHub is essential to Duolingo's engineering and helps create a better experience for learners.

Open Source Friday

  • Open Source Friday discusses package dependencies and their impact on projects.
  • Jordan Harband, a principal open-source architect at HeroDevs, shares his experience in open source.
  • HeroDevs provides long-term support for end-of-life open-source software, ensuring security and stability for users.
  • HeroDevs partners with maintainers and contributes financially to open-source projects, supporting the ecosystem and allowing maintainers to focus on development.

Maintaining Open-Source Software

  • Jordan Harband's journey in open source began with small contributions and gradually led to maintaining impactful packages.
  • Maintaining JavaScript shims led to involvement in the TC39 standards committee.
  • The speaker expresses concern about the wide reach of their code and the potential impact of breaking changes, emphasizing backward compatibility and semantic versioning.
  • Jordan highlights the potential unintended consequences of moving fast and breaking things, citing the example of a social network's motto potentially contributing to the erosion of democracy.
  • The speaker advocates for a cautious approach, emphasizing the importance of considering the impact on users and the responsibility that comes with maintaining widely used software.
  • Breaking changes in popular packages can have significant consequences for users, especially if they are widely used transitively.
  • Maintainers of popular packages face difficult choices when making breaking changes, as they may have to choose between supporting older versions or leaving users vulnerable to security risks.
  • It is important for maintainers to minimize breaking changes and to provide users with ample time to upgrade before forcing them to do so.
  • Backporting security fixes to older versions can help to mitigate the risks associated with breaking changes.
  • Encouraging financial contributions to open-source projects can help to support maintainers and allow them to spend more time on maintaining their projects.
  • Maintainers should avoid finding themselves in scenarios where they have to make difficult choices about breaking changes by minimizing breaking changes and providing users with ample time to upgrade.
  • The speaker discusses the challenges of maintaining open-source software and the importance of making breaking changes at the right time.
  • Encouraging users to adopt new versions of software can be difficult, especially when there is no clear benefit or incentive.
  • Two-factor authentication can be an effective way to protect packages from being compromised, but it can also limit adoption.
  • When making breaking changes, it is important to make it as easy as possible for users to upgrade.

Supporting Open-Source Software

  • Developers can set up their projects for success by using packages from a registry, writing thorough tests, and using linting and type systems.
  • Companies should encourage their employees to participate in the sustainability of open-source software by contributing financially and otherwise.
  • Open-source software maintainers need financial support to continue their work.
  • GitHub Sponsors, Tidelift, and Open Collective are platforms that allow individuals and organizations to sponsor open-source projects.
  • It is important for companies to actively participate in the open-source ecosystem by financially supporting the projects they depend on.
  • Contributors can support open-source projects by contributing code, documentation, or money.
  • HeroDevs recently partnered with Bootstrap to support versions 3 and 4.
  • Developers should keep their dependencies updated using tools like Renovate or Dependabot.
  • Employers should sponsor open-source projects instead of individuals.
  • Maintainers appreciate any amount of financial support, even small donations.
