The lone person in Nebraska is an unacceptable key person risk. I think a potential non-profit business model would be to identify widely used packages that have very few maintainers and staff them up. You could have targeted solicitations to companies based upon which packages they are likely to be using.
Imagine somebody bribing a developer of a popular package so that they add theirs as a dependency :) But looking at https://libraries.io/search?order=desc&platforms=npm&sort=dependents_count, it seems like we have some reasonable stats.