Third npm protestware: 'event-source-polyfill' calls Russia out (Security News, April 2022)
While for the longest time open source software has been reliable, community-fuelled, and efficient in that it takes out the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubts on the overall reliability of the ecosystem.
This marks the third major protest of 2022 by an open source developer leveraging his widely used software to express opinions on a matter of public interest.
In contrast, the publication of destructive 'node-ipc' versions drew sharp criticism from developers, with some calling it "a huge damage" to the credibility of the whole open source community.
Open source software largely started out as a way to promote an "Open development process," simplify licensing, and better engage with the users and a community of developers who can peer-review and improve software through active participation.
While version control platforms like GitHub are traditionally associated with software development and source code, cost-free registries like npm simplify the hosting and distribution process for developers looking to ship and use each other's finished apps that run out of the box.
The recurring incidents of developers voluntarily withdrawing their code from the internet or sabotaging their own projects to accentuate a bigger idea have prompted software consumers to re-evaluate the open source model as it stands today, and engage in a public dialogue that is overdue.