The core-js author will be in jail for 18 months; what will happen to the open source project downloaded 26 million times a week?

2020/04/01 11:08:39 technology

Lei Feng Net (AI Source Chuang Commentary) reports: this is the story of a tough Russian programmer named Denis Pushkarev, whose hobby is motorcycle racing. [1]


[Lei Feng Net note: Russian programmer and motorcycle enthusiast Denis Pushkarev]

He was driving at 60 km/h when he had an accident and hit two pedestrians, one of whom died at the scene. Under the laws of the Russian Federation, he was sentenced to 18 months' imprisonment, deprived of the right to drive for two years, and fined 1.38 million rubles. [2]


[Lei Feng net note: Russian court rejected the appeal]

Denis pleaded guilty but requested a shorter sentence. An appeal was filed in November 2019, and it has now been rejected.

The problem is that Denis is just as formidable at writing programs. He is the author of core-js, the modular standard library for JavaScript, which is downloaded through the npm package manager as many as 26 million times a week. [3] Even Apple's web services use this library. [4]


[Lei Feng Net note: core-js is hugely popular and heavily downloaded]

The real problem is: if Denis is in jail for that long, who will maintain this library?

core-js is open source maintained by one person and is not backed by any company. It is a polyfill (plug-in) for the JavaScript standard library written by Denis, a bit like decorator's putty that fills in and smooths over defects. In web development, it implements the latest standards on older browsers that do not support HTML5. It is the most common and popular way to patch the JavaScript standard library.

Denis spent 5 years of his spare time writing this library and is still looking for a new full-time job. He tried various ways to raise funds to keep the open source project going. The result was a monthly sponsorship of US$57, which is only slightly better than nothing.

He also tried advertising, by showing log-style text ads after an npm install. But no advertisers were willing to pay for it.

Now, with Denis facing a heavy fine and 18 months in jail, the problem has become very serious. Community user nathanjd asked the question everyone cares about: "If you are in prison, who will maintain it?" [5]

Denis did not provide an answer. A project contributor, slowcheetah, said that he could find some time to fix critical bugs and handle major updates, and showed that he has "collaborator" rights. But it is not clear whether this can sustain the progress of the project.

The challenge of open source projects

Another JavaScript encryption library, jsrsasign, has faced a similar challenge. The project has had no activity since April 2018. However, 350 projects on npm rely entirely on this library, and it is also favored by influential companies such as Microsoft and Mozilla. [6]

Some have pointed out that many projects in the JavaScript community share this problem: the author of the project is its only maintainer. Heavily used projects in particular should be controlled not by one person but by a foundation.


The real problem remains, however, and a solution is needed. Ben Balter, GitHub's senior product manager for community and security, responded that if a project maintainer fails to respond, GitHub has a process for transferring account ownership, for example to a partner or colleague. Maintainers are also encouraged to move projects from personal accounts to organizations, which not only gives them advanced community management features but also lets them add other maintainers as co-owners. [7]

All of this depends on the choices of the project maintainer. Some netizens also suggested that the project could be forked and maintained by someone else. But forking does not help the other npm packages that depend on this package name.

Finally, some netizens asked: has anyone considered that Denis could continue to maintain this project from the prison library?

Reference sources:

[1] Denis's personal webpage, https://vk.com/xrock

[2] Court decision, https://kraevoy--alt.sudrf.ru/modules.php?name=sud_delo&srv_num=1&name_op=doc&number=1733512&delo_id=4&new=4&text_number=1

[3] core-js library, https://www.npmjs.com/package/core-js

[4] https://www.apple.com/legal/internet-services/news/notices-acknowledgements.html

[5] https://github.com/zloirock/core-js/issues/548#issuecomment-494112872

[6] https://github.com/kjur/jsrsasign

[7] https://www.theregister.co.uk/2020/03/26/corejs_maintainer_jailed_code_release/
