How Google manages open source
You’ve likely heard a lot about Google’s monorepo and how it impacts the org’s development productivity, but have you heard how it makes managing their open source efforts easier as well?
Are we setting up for another wave of recession-induced open source migration? Donald Fischer weighs in:
It’s been hard to be optimistic the last few weeks. But as I look for a silver lining in the current crisis, I believe there is an enormous opportunity for organizations to get even more nimble in their use of open source.
In just a few short months, Python 2 will officially reach the end of its supported life. 💀 This means that anyone building applications in Python will need to have moved to Python 3 if they want to keep getting updates including, importantly, fixes for any security vulnerabilities in the core of Python or in the standard library.
With over 200k Python libraries extant, I have a feeling it’ll be a while before Python 2 is put out to pasture…
We recently added a new feature Tidelift subscribers can use to discover unmaintained dependencies. After taking an early look at the data we’re getting back, it appears that about 10-20% of commonly-in-use OSS packages aren’t actively maintained.
Click through for an explainer on how they define “unmaintained” as well as a link to their tool for analyzing your app’s dependencies (email required).
Open source isn’t a charity case. We can’t expect to attract and retain level 10 players into a level 2 opportunity. So why are we treating open source maintainers and contributors like they owe us something and not finding ways to enable them to maximize the rewards they can get for playing the game?
Let’s abandon the notion that open source is exclusively charity.
In the software industry, we’re normalizing spec work in a way that the design industry successfully rallied against.
The narrative around open source is that it’s completely OK—even an expectation—that we’re all doing this for fun and exposure; and that giant companies should get huge publicity credit for throwing peanuts-to-them donations at a small subset of open source projects.
There’s nothing wrong with doing stuff for fun and exposure, or making donations, as an option. It becomes a problem when the free work is expected and the donations are seen as enough.
I think the consensus agrees that sustaining open source software takes more than just money. And yet money often remains a crucial part of a larger need for open source to sustain AND thrive. So, if that’s the case…how should you use funding for your open source project? Brenna Heaps writes on the Tidelift blog:
We’ve been speaking with a lot of open source maintainers about how to get paid and what that might mean for their project, and the same question keeps popping up: What do I do with the money?
The tldr?
Fund the project, community engagement, and pay it forward…
But, it’s a short read and worth it — so go read this and then share it with your fellow maintainers.
Everyone knows that React is one of the most popular JavaScript libraries for building user interfaces — and many users of React choose it because they think it’s supported by Facebook. But is it really? That depends on what you mean by React, and what you mean by support. Keenan Szulik writes on the Tidelift blog:
Since its release in 2013, React has grown into a proper open source phenomenon … with more than 100,000 GitHub stars, over 300,000 dependent repositories, and more than 800 contributors.
Facebook’s contributions to React and the JavaScript ecosystem around it are truly epic — the stuff of legend. But when we dive into the dependencies of the default create-react-app, only 24 of the 1,103 packages come from repositories in Facebook’s GitHub organizations. That’s less than 3% of the dependencies required to build the “Hello, World” app with create-react-app!
So who supports React?
This interview with Evan You (founder of Vue.js) is all about the path that led him to being able to work full time on open source. It’s a good read 👍
(Want to dive deeper? We’ve interviewed Evan on The Changelog #184 as well as Request For Commits #12)
Our friends at Tidelift have joined data from GitHub and their own Libraries.io, “the largest open source software dataset in the world,” which covers over 2.8 million open source projects. They were able to combine the two datasets to gather the entire commit history of each project on GitHub to more closely examine the following questions:
- What exactly has been Microsoft’s role in the open source community?
- In which projects and ecosystems have they contributed most?
- Have those contributions been focused on the large Microsoft open source initiatives, or has the company also participated in projects beyond their immediate purview?
They were also careful to clean the dataset of forks and duplicate packages which would misinform this analysis.
So what’s the verdict? Microsoft may have a mixed history with open source, but today the company is demonstrating some impressive traction when it comes to open source community contributions. If we are to judge the company on its recent actions, the data shows what Satya Nadella said in his announcement about Microsoft being “all in on open source” is more than just words.
Donald Fischer:
Over the last several months, we engaged with over 1000 professional users and maintainers of open source software through surveys and live conversations. We wanted to learn what’s working for them and what’s not. Turns out, people had a lot on their minds.
The result of these conversations was the creation of Tidelift subscriptions, which are described as:
paying for “promises about the future” of your software components.
Click through to read the nitty-gritty details. There are some interesting opportunities here:
Tidelift provides a means for maintainers to band together in a scalable model that works—for everyone. Those who build and maintain open source software get compensated for their effort—and those who use their creations get more dependable software, delivered via a Tidelift subscription.
Ben Nickolls:
since we know open source software takes time to make, and that time isn’t free, how do open source projects pay the bills today? Here are some of the common ways
He discusses patronage, subsidies, and products/services.