Rise in npm protestware: another open source dev calls Russia out
2022-04-11 21:02

Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations.

While open source software has long been reliable, community-fuelled, and efficient, in that it removes the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubt on the overall reliability of the ecosystem.

In contrast, the publication of destructive 'node-ipc' versions drew sharp criticism from developers, with some calling it "a huge damage" to the credibility of the whole open source community.

Open source software largely started out as a way to promote an "Open development process," simplify licensing, and better engage with the users and a community of developers who can peer-review and improve software through active participation.

While version control platforms like GitHub are traditionally associated with software development and source code, cost-free registries like npm simplify the hosting and distribution process for developers looking to ship and use each other's finished apps that run out of the box.

The recurring incidents of developers voluntarily withdrawing their code from the internet, or sabotaging their own projects to make a broader point, have prompted software consumers to re-evaluate the open source model as it stands today and to engage in a public dialogue that is overdue.


News URL

https://www.bleepingcomputer.com/news/security/rise-in-npm-protestware-another-open-source-dev-calls-russia-out/