It almost feels like it's easier to list which fundamental projects have more than one active maintainer.

Many of the core library and tools are mostly finished and have very little yearly activity. How many maintainers does a project have if the last activity was one or two commits made or maybe just merged by one maintainer 3 years ago, and few more 5 years ago. Does it count as 2 maintainers, 1 maintainer, 0 maintainers? Does the "maintainer" from 5 years ago still have commit permission and how likely are they to get involved if some merge requests show up.

Even for active projects it's very common for 90% of work being done by one main maintainer.

- curl: Daniel Stenberg et al. - https://github.com/orgs/curl/people

- Lua (programming language): team of 3 - https://www.lua.org/authors.html

- openssl: 15 people - https://github.com/orgs/openssl/people

maybe also: sqlite, vim, nginx, redis

In this thread: Wildly different definitions of what "widely used" means :)

Did you know tools like uname [1] and cat [2] in GNU coreutils have essentially only had two contributors in the past decade?

[1] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=histor... [2] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=histor...

Time Zone Database

https://github.com/eggert/tz/graphs/contributors

https://en.wikipedia.org/wiki/Tz_database

It would probably be easier to enumerate the small number of projects which have a larger amount of maintainers. I think the vast majority only have a few maintainers.

Just curious what arrangement theses people have.

-do their employers recognize their effort and give hours to the side projects?

-they mostly contractors so can arrange their time accordingly?

-donations?

-or is it mostly a hobby done out of passion?

Note that the situation will not be much better for closed sourced projects.

Sure, your vendor will probably fix bugs, but it may take some time until they find someone who has any knowledge of that codebase and survived last week's reshuffle, the re-org in spring and last year's buyout.

Nice try Jia Tan!

In some sense, the ubiquitous "unzip" has 0 maintainers.

Per the upstream, https://infozip.sourceforge.net/, "UnZip 6.0 was released on 29 April 2009".

But there are not truly 0 maintainers, because distros maintain their own patchsets, for example: https://git.launchpad.net/ubuntu/+source/unzip/log/

(By the way, unzip is arguably not feature complete. The ZIP spec has been updated multiple times since 2009, with the notable addition of the Zstandard compression method, among other things https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT)

SQLite - https://www.sqlite.org/draft/crew.html

bash and readline - Chet Ramey. Both originally by Brian Fox https://twobithistory.org/2019/08/22/readline.html

maybe less of a bus factor now with OSH approaching feature/speed parity and having more maintainers https://www.oilshell.org/

Byte Buddy - runtime code generation for the Java virtual machine - https://github.com/raphw/byte-buddy

> It is stable and in use by distinguished frameworks and tools such as Mockito, Hibernate , Jackson, Google's Bazel build system and many others. Byte Buddy is also used by a large number of commercial products to great result. It is currently downloaded over 75 million times a year.

If you really want to dwelve into this, while the applications have plenty of cases let's not forget the underlying libraries that "everyone" depends on.

Not only software but also infrastructure & protocols: N.T.P.: — https://www.newyorker.com/tech/annals-of-technology/the-thor...

I found it quite a good read!

PCRE https://github.com/PCRE2Project/pcre2/issues/426

There's been some research into the topic:

https://www.researchgate.net/publication/308894462_What_is_t...

JSON Schema is the industry standard schema language for JSON, used by big players like OpenAPI and by an insanely high number of APIs and products out there.

The TSC core team stays at ~6 people (I'm one of them)

Edit: I missed the "widely used" part.

[Orca](https://gitlab.gnome.org/GNOME/orca). Very important for blind Linux desktop users. If you like frameworks more, [ATSPI](https://gitlab.gnome.org/GNOME/at-spi2-core), or [AccessKit](https://accesskit.dev/) may fit you more. Or, if you like contributing others' apps, take a look at how you could make them more accessible, with these [Tips for application developers](https://github.com/GNOME/orca/blob/main/README-APPLICATION-D...).

Liblzma rather infamously.

OmegaT is widely used in the professional translation world and maintained by 1 person with a very few active contributors (except for localizers).

https://omegat.org

Mocha js testing framework is widely used and maintained by a small team https://github.com/mochajs/mocha/issues/5027

VLC - VideoLan

https://github.com/orgs/videolan/people

As i recollect, GnuPG was also a one man band for some time.

Jia Tan is looking for a new project ?

Not very typical "widely used" project but recently surpassed 100k+ installs with two people working on it part-time.

https://github.com/heyform/heyform

Expat

LibreSSL

Linux-PAM

OpenSSH

re2c

tzdata

zlib

Those are just the ones that came to mind.

Perfect software doesn't need to be maintained. TM

Coolify! https://github.com/coollabsio/coolify

Kapitan

https://github.com/kapicorp/kapitan

e2fsprogs (https://github.com/tytso/e2fsprogs) is a widely-used utility suite for creating, maintaining, and repairing ext2, ext3, and ext4 filesystems

dnsmasq. Running on billions of of devices (including Android), one guy (Simon Kelley).

This has been observed before https://xkcd.com/2347/

Imagemagick

wireguard [1] https://www.wireguard.com/repositories/

Rich. 197 million downloads a month. There are two maintainers.

flex & bison. Especially flex seems close to unmaintained.

quic-go: https://github.com/quic-go/quic-go/

see the success of laravel https://github.com/laravel/laravel

husky (git hooks) https://github.com/typicode/husky

All of them!

Php

FastAPI

All the better ones. The more maintainers, the quality goes down. Down to total destruction

GnuPG and Werner Koch comes to mind, there was this HN thread 10 years ago https://news.ycombinator.com/item?id=9003791

Also Fabrice Bellard of FFMpeg and his projects comes to mind.

I might be wrong too.

zlib: Mark Adler

ncurses/xterm: Thomas Dickey

People ask this question a lot in academia. The system just about incentivizes creating dupliware and/or abandonware that is critical to a domain, field, or niche, so there is tons of it (there is also A LOT of very good stable software, but ignoring this for now). This makes it very difficult for new parties to find open source software they can rely on, for funders to determine what software to support, for institutions to track their contributions, etc.

I am working on a project solving for this specific question (and many others), across the open source and open science ecosystems, starting with open source research software but ultimately intends to touch the whole space. Among other things, we want to take continuous measurements of the health of open source projects, the use of open source projects, the perception of open source projects, the "impact of open source projects", and the needs of open source projects. We are combining data collection with stigmergic markers and eventual webs of trust.

It is incubated by NumFOCUS, and includes collaborations from across the academic industry.

Bringing it here for your thoughts.

The project is called "The Map of Open Source Science" (MOSS) and is built on the "Simply Omniscient Layer" (SOL). It is essentially an omniscient open permissionless graph database of the digital knowledge and research ecosystems, as well as a corresponding visualization (eventually people will be able to build their own visualizations interfacing with SOL).

Very recent presentation at PyData Vermont: https://www.youtube.com/watch?v=7c51njj9JPs

Recentish update: https://www.opensource.science/updates/the-map-of-open-sourc...

Landing page for the program: https://opensource.science

From our site:

"MOSS is a comprehensive, composable, interactive map of the digital knowledge and research ecosystems. We identify connections between open source research software projects, research papers, organizations, patents, datasets, funding pathways, AI models and applications, and the people who drive it all.

The MOSS proof of concept so far demonstrates nine use-cases:

Identify relevant tools for your research

Showcase the impact and connections of the people that make and maintain open source research tools

Showcase the impact and connections of the organizations that build, support, and fund development of open source research tools

Showcase the impact and connections of open source research tools

Identify gaps in open source research tooling

Navigate repetition of open source research tool features

Identify, prevent, and reinvigorate abandoned open source research tools

Streamline the grant submission and review process

Navigate security flaw identification - who to contact, what downstream tools are effected, what alternative tools exist"

Most of the projects I am aware of :-)

see the success of laravel

google's leveldb

bash

dokku

brew

curl

Linux Kernel

People used to fight for upstream factories to return the water they used clean to the river. It was an ecologist's fight.

Now corporations do projects with 5 or more zeroes in budget and a high percentage of the code is free software or open source. And they give 0 back to free or open projects that they parasite.

I wrote an article years ago in my blog (in Spanish, sorry), "Free software has failed": https://tomatesasesinos.com/2019/07/11/el-software-libre-ha-...