Whilst working on Libraries.io, I often stumble across libraries that appear to be used by an incredible number of open source projects but often don’t have any of the usual signs of being a popular project on GitHub.
Take debug_inspector for example:
- 25 stars
- 21 commits
- 4 contributors
- 5 watchers
- 4 forks
- 2 open issues
- Last commit over 2 years ago
Taking the GitHub page at face value, you’d be forgiven for mistaking it for a small project that’s barely used, when in fact it’s listed as a dependency in over 111,000 open source projects!
Libraries.io has a number of different pages for exposing interesting and unexpected lists of libraries, including ones with a low bus factor and ones that have been yanked from their package manager, so I thought I’d add one to show the most unappreciated but highly used libraries.
This afternoon I shipped the Unseen Open Source Infrastructure page: https://libraries.io/unseen-infrastructure
To paraphrase Arfon Smith on Request for Commits #3, “Stars on GitHub are a measure of attention, more akin to a Like on Facebook than a measure of quality or usage”. This page shows hundreds of projects that are depended upon by at least 1,000 other open source repositories but have fewer than 100 stars.
Any of these projects could be the next left-pad or Heartbleed, where an underlying, critical library is highly used but has very little attention paid to it. An unnoticed security issue or abandoned project could potentially result in hundreds of thousands of affected software applications.
You can help these projects and the communities that depend upon them by reviewing the code for these libraries, helping out with open issues, sharing them on social media and thanking the maintainers for their hard, often unrewarding work to keep things running behind the scenes.
Something that Ben and I are planning to do a lot more of over the next year and beyond is help to highlight and support the open source software that is critical to today’s technology infrastructure.
Another area that needs exploring is system-level package managers like apt and yum, which contain even more important and often overlooked libraries that often aren’t hosted on a social platform like GitHub but are still critical to the world of software.
If you’d like to get involved, the whole project is open source and we’d love to help you get started contributing, or if you’d like to build tools on top of all this data, check out the Libraries.io REST API.