Opinion: Careless big-time users are treating FOSS repos like content delivery networks

  • Maeve@kbin.earth · 11 upvotes · 10 hours ago

    In one case, a department store’s team of 60 developers generated more traffic than global cable modem users worldwide due to misconfigured React Native builds bypassing their Nexus repository manager. He detailed extreme examples, such as large organizations downloading the same 10,000 components a million times each month. “That’s ridiculous,” Fox said. Throttling efforts led to “brownouts” via 429 errors, but patterns mutated, forcing a “Whack-a-Mole” game, especially since most consumption is headless and unnoticed. Registries are also burdened by commercial use, with companies publishing closed source components or massive SDKs as free CDNs. Fox noted that top publishers release gigabyte-scale artifacts daily, unlike in typical open source projects.