Programming

Library Intentionally Corrupted by Developer Relaunches as a Community-Driven Project (fakerjs.dev)

Last weekend a developer intentionally corrupted two of his libraries which collectively had more than 20 million weekly downloads and thousands of dependent projects.

Eight days later, one of those libraries has become a community-controlled project.

Some highlights from the announcement at fakerjs.dev: We're a group of engineers who were using Faker in prod when the main package was deleted. We have eight maintainers currently....

What has the team done so far?

1. Created a GitHub org [repository] for the new Faker package under @faker-js/faker.
2. Put together a team of eight maintainers.
3. Released all previous versions of Faker at @faker-js/faker on npm.
4. Released the Version 6 Alpha
5. Almost completed migrating to TypeScript so that DefinitelyTyped no longer needs to maintain its external @types/faker package.
6. Created a public Twitter account for communicating with the community.
7. Released the first official Faker documentation website....

Faker has never had an official docs website and the awesome Jeff Beltran has been maintaining a project called "Un-Official faker.js Documentation" for the last 3 years.

He gave us permission to re-use his work to create fakerjs.dev

8. Cleaned up tooling like Prettier, CI, Netlify Deploy Previews, and GitHub Actions.
9. Done a TON of issue triage and many, many PR reviews.
10. We've gotten in contact with the Open Collective and discussed a transition plan for the project.

We fully intend to extend Faker, continuously develop it, and make it even better.

As such, we will work on a roadmap after we release 6.x and merge all of the TypeScript Pull Requests in the next week....

We're now turning Faker into a community-controlled project currently maintained by eight engineers from various backgrounds and companies....

We're excited to give new life to this idea and project.

This project can have a fresh start and it will become even cooler.

We felt we needed to do a public announcement because of all of the attention the project received in the media and from the community.

We believe that we have acted in the way that is best for the community.

According to the announcement, they've now also forked the funding so the project's original sponsors can continue to support the community-driven development in the future, while the original developers Marak and Brian "were able to retain the $11,652.69 USD previously donated to the project."

Friday the official Twitter account for the new community project announced "It's been a week. We've merged all of the active forks. Currently at 1532 stars. Looks like everything is settling." [It's now up to over 1,800 stars.]

One of the new maintainers has posted on Twitter, "I'm just grateful to the faker community that willed itself into existence and stepped up."
  • by Scoth ( 879800 ) on Sunday January 16, 2022 @08:07PM (#62178673)

    This is why you should never trust public repos in prod. Always have your own, private stuff and test every release. These are basics.

    • And in none of the articles I have seen is there any info about what this library does.
      It doesn't seem to be a very relevant library for me if I never heard about it.

      • Agreed, this thing is apparently hugely popular, I've got no idea what it is.

        Also, trying to find comments from the original author who did this, what's the link for that?

        • I'm guessing it's only popular among JavaScript devs. JavaScript code is always a mess, because there is basically no idiomatic way of doing anything, largely because there is no compiler. Python at least does some basic sanity checks, but js has none at all. Basically, the same reason perl sucks balls. If I were a js developer, I probably wouldn't read the code of the libraries either, because chances are you'd spend a few hours doing so and still end up totally lost anyways, and the only one who could mak

    • by AmiMoJo ( 196126 )

      In real life there often isn't time or money available to do that at many companies. So either you turn on the update feed, or you end up running 12 year old versions of Linux on production hardware.

      The problem is bosses don't see any value in maintenance.

    • You have your own private Linux repo etc?
      • by Scoth ( 879800 )

        My company does, yes. All updates, all libraries, everything we use runs through our internal CentOS repos. There's varying levels of approval and validation for different sources but short of a timebomb being introduced we should be pretty safe from stuff like this.

        For my home stuff I'm lazy and absolutely don't, but that's the risk you take.
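The advice in the two Scoth comments above (keep your own private repo, pin and test every release) turned into a concrete check. This is an added example, not code from the Slashdot summary, the fakerjs.dev announcement or the Faker project: it audits a Node project's package.json and package-lock.json for dependency ranges that would let a newly published version in, lockfile entries resolved from somewhere other than an approved internal registry mirror, and entries with no integrity digest. The package names, versions, digests and the npm.internal.example registry host are constructed sample data, not real packages.

```javascript
// Added example, not code from the Faker project or the fakerjs.dev
// announcement. Audits a manifest/lockfile pair so that a freshly published
// version of a public package cannot reach production unreviewed.
// Package names, versions, digests and the registry host are constructed.

// Exact semver version: no ^, ~, >=, *, x, "latest" or other dist-tag.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Report every declared dependency whose range is not an exact version.
// Any range lets the package manager pick a newer release whenever the
// lockfile is absent, stale or ignored.
function findUnpinnedDependencies(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!EXACT_VERSION.test(String(range))) {
        findings.push({ name, field, range });
      }
    }
  }
  return findings;
}

// Walk a lockfile (v2/v3 "packages" layout, keyed by node_modules path) and
// flag entries not resolved from an approved registry origin or lacking an
// integrity digest. git:/file: sources get a "null" origin and are flagged.
function auditLockfile(lock, allowedRegistryOrigins) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const name = path.replace(/^.*node_modules\//, '');
    if (!entry.resolved) {
      findings.push({ name, problem: 'no resolved URL; provenance cannot be checked' });
      continue;
    }
    let origin;
    try {
      origin = new URL(entry.resolved).origin;
    } catch (e) {
      findings.push({ name, problem: `unparseable resolved URL: ${entry.resolved}` });
      continue;
    }
    if (!allowedRegistryOrigins.includes(origin)) {
      findings.push({ name, problem: `resolved from ${origin}, not an approved registry` });
    }
    if (!entry.integrity) {
      findings.push({ name, problem: 'no integrity digest; tarball contents are not pinned' });
    }
  }
  return findings;
}

// Constructed sample manifest: one pinned, one caret range, one dist-tag.
const SAMPLE_PACKAGE_JSON = {
  name: 'example-app',
  dependencies: { 'left-pad': '1.3.0', 'some-lib': '^2.1.0' },
  devDependencies: { 'test-data-gen': 'latest' },
};

// Assumed company-run mirror; stands in for the internal repos in the thread.
const APPROVED_REGISTRIES = ['https://npm.internal.example'];

// Constructed sample lockfile. Digests are placeholders, not real hashes.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: 'https://npm.internal.example/left-pad/-/left-pad-1.3.0.tgz',
      integrity: 'sha512-AAAA',
    },
    'node_modules/some-lib': {
      version: '2.4.0', // newer than declared: the range let it drift
      resolved: 'https://registry.npmjs.org/some-lib/-/some-lib-2.4.0.tgz',
      integrity: 'sha512-BBBB',
    },
    'node_modules/test-data-gen': {
      version: '6.0.0',
      resolved: 'https://npm.internal.example/test-data-gen/-/test-data-gen-6.0.0.tgz',
      // integrity deliberately missing
    },
  },
};

function runAudit(pkg = SAMPLE_PACKAGE_JSON, lock = SAMPLE_LOCKFILE) {
  return {
    unpinned: findUnpinnedDependencies(pkg),
    lockfile: auditLockfile(lock, APPROVED_REGISTRIES),
  };
}

const auditReport = runAudit();
for (const f of auditReport.unpinned) {
  console.log(`unpinned: ${f.field}.${f.name} = "${f.range}"`);
}
for (const f of auditReport.lockfile) {
  console.log(`lockfile: ${f.name}: ${f.problem}`);
}
```

To use it on a real project, replace the two sample objects with JSON.parse of the files and fail the build on any finding. Pair it with `npm ci` rather than `npm install` in CI, since `npm ci` installs exactly what the lockfile records and refuses to proceed when the lockfile and package.json disagree, which is the point at which a silently re-resolved dependency would otherwise slip in.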

  • by Anonymous Coward on Sunday January 16, 2022 @08:42PM (#62178745)

    it is a JS generator of random fake data that looks legitimate. e.g. random address (which may or may not exist), random e-mail, random user profile etc. its purpose is to be used in providing your web pages with meaningful test data rather than ipsum lorem.

    • by paulatz ( 744216 )

      The entire library is pretty much a bunch of definitions and a couple of lists. Original author managed to get 11k$ in donations for it, then he went throwing a tantrum because something. Probably the fault of feminism according to his twitter feed.

  • We don't live in a post-scarcity society. People have to earn a living, which means open source development either has to be bankrolled by companies donating their own resources, or by individuals who have other means of supporting themselves. So yeah, if you're a rich real estate developer who happens to also know how to code, great, I guess. On the other hand, if you're maintaining something you gave away for free that a lot of people are using, while you see your bills piling up, I could see how that

    • If these libraries are truly so popular, can their developers not simply secure a sponsor who is willing to pay whatever sum for visibility?

      • by greenfruitsalad ( 2008354 ) on Monday January 17, 2022 @04:22AM (#62179853)

        I still hold hope that what I've seen isn't universal but in my experience, companies are happy to make millions off of free software; happy to develop it further in-house (usually without contributing back) but as soon as the project appears to be in financial trouble, they'll look for costly commercial alternatives instead of funding the free software one.

        • That is irrelevant. I do not suggest that they fund it in exchange for the product but fund it in exchange for being able to run an advertisement.

          Perhaps GitHub should investigate allowing repository owners to run advertisements which would perhaps inspire far more software.

      • by dougmc ( 70836 )

        You make that sound so easy ...

        And if the money is truly being spent in exchange for visibility, such money tends to be incredibly fickle.

        Twitch, OnlyFans, etc. allow viewers to offer "tips" that are visible by all the viewers -- the open-source equivalent might be putting the name of the contributors in a README file, which is fine, but ... it's not very effective at encouraging sponsors.

        If this model could be adapted to open-source software that might do it, but I have no idea how one would make it work.

        A

    • There are a lot of ways to earn money from coding. The most obvious would be to sell the code instead of releasing it as open source. Another way would be to release the code as open source, but under a restrictive license (GPL or one that bans commercial use) and then charge money for a differently-licensed code. You can also provide support, add requested features for money etc.

      However, the question is - how necessary are the libraries in question? I have not used them (probably not even used anything tha

      • by AmiMoJo ( 196126 )

        From what I can tell the library wasn't particularly interesting, it just provided a commonly used utility function. It became referenced in numerous Stack Overflow answers that people copy/pasted. The author eventually noticed that everyone was using it, but nobody was interested in paying for it.

        The real issue is that it wasn't something terribly valuable, just something that became popular because it was free and popular in low quality SO answers. There was little chance of monetizing it.

        The best option

    • I can see the annoyance. The answer here though is to just stop developing it. If feeling generous, offer to let someone else take control. The maintainer was feeling an obligation he didn't have.

      Or be more direct about asking for funding. Contact the big companies that use it, and request that they support the project. A few will and that's all that's needed.
  • by hdyoung ( 5182939 ) on Sunday January 16, 2022 @08:58PM (#62178773)

    Now this guy goes down in open-source history as exiting the community by throwing a juvenile tantrum.

    Know what he could have done instead? He could have posted "Hi everyone, I'm burnt out, the open-source community is starting to get under my skin, and I'm sick of making other people money off my work and getting zilch for it. I'm gonna hand my creation over to fresh meat who will continue the utterly unrewarding maintenance work, and leave like a pro with my head held high."

    Too bad that ship sailed. junior-high-school level tantrum it was.
    • It started a public discussion about many things. That alone to me is worth something substantial.

    • Well, you need to be a little careful there. That exact sequence of events is what led to the event-stream fiasco.
    • Guess what.. he did make a github issue which said that A YEAR AGO.  And no one cared. He told people a year ago to fork the project. Why didn't the community come together then?  This community action actually gives legitimacy to be a dick vs not being one.. because one gets results and.. the other didn't...
      • A year ago. Here try this experiment: Go to your boss and tell him you'll quit as soon as he hires someone else. I'm guessing you'll still be working a year from now too.

        No one cared because he continued to maintain the project. Why would anyone care about something which works? If he had abandoned the project like he should have then it would have lain dormant for a few months until someone needed something *THEN* the community will come in and fork. And only then. There's no point forking maintenance of s

    • by AmiMoJo ( 196126 )

      He could also have added that he was available to hire if any company using his code wanted to.

    • Sadly we are more toxic than his behavior was childish. We are chastising & shaming him because he had an emotional breakdown and acted on it. We are living and feeling beings, and I bet everyone has done something stupid at least once in their adult lifetimes.
      • I honestly believe this site will eventually destroy itself by toxic users. Most everyone on here suffers from Dunning-Kruger and Superiority Complex.
  • And nuts and bolts still aren't sexy. Just ask the NTP crowd. How did it ever come to this? Well, it probably lies at the feet of the original maintainer, but... How do you fix it once it's come so far? People will do their absolute best to not pay for sh*t when it's "free", even when the author still has a mortgage or rent payment to make and he or she has been very clear about that. 20M weekly downloads? 19K projects that depend on it? He might have gone about it the wrong way but he had a VERY va

    • So he made people take notice, probably in the wrong way, but he made people take notice despite all of the noise out in the world.

      There's no "probably" about it. Even if you somehow don't think deliberately breaking all other people's dependent projects is wrong... he basically destroyed any possibility he had at getting a career writing code or doing other sysadmin work.

    • Microsoft's Github called him, "Donkey Brains." You couldn't find a more disgraceful and disrespectful group of "Professionals."
    • by Burdell ( 228580 )

      No, he doesn't have a valid point. Nobody forced him to put his code under an open source license - he chose that. Getting mad when people follow the license you chose for your code has no valid basis. If you're developing an open source project for free and it isn't making you happy anymore, just walk away. There's never a reason to toss the grenade over your shoulder as you do so. If your project is useful and needed, somebody will probably fork it and keep going (as is happening here). If not... software

      • Licences are like operating systems, marriage agreements, and many other things. Something one would assume is chosen for technical reasons, but in reality most that chose it never bothered to investigate it, and simply do what everyone else is doing.

        I've had many discussions with developers that had licensed their code under licences they clearly did not understand even the superficial details of. — A surprisingly common misconception seems to be that they can revoke it if they later regret it while

      • No, you don't have a valid point.
    • There's an NTP 'crowd'? Where?
  • SSL.

    It's illogical to rely on the generosity of wealthy parasites.

  • by jjaa ( 2041170 )
    So another face of open source: you can reap the fruits of somebody else's labor. Aaand you can max profit short term with a publicity stunt, profit which can last until people realize you fail to deliver and initial effort was just for show.
  • If you want to make money from open-source software then, in essence, you need two things: (1) good-enough programming skills to develop the software; and (2) a viable business plan that enables you to make the money, for example, sell consultancy, tech support or training courses based on the software. Most open-source developers, including me, have (1) but not (2), which is fine if you are happy to do the coding as an unpaid hobby or as an altruistic gift to the world, and then you seek money from a diffe
