Open source software is a cornerstone of our industry, but using it carries risks. colors.js and faker.js were both extremely popular open source projects, downloaded millions of times every week, until their developer sabotaged his own packages and stopped builds and systems all over the world from working. This isn’t the first time something like this has happened.
In this episode Dave Farley, author of Continuous Delivery and Modern Software Engineering, explores our relationship with open source and asks: was the author of colors.js and faker.js a hero or a fool, and do companies that rely on OSS take advantage of its authors?
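The mechanism behind the incident, as an added example that is not from the episode, the channel or the colors.js/faker.js projects: a sabotaged release only reaches a build whose version range admits it. The script below is my own illustration; the package names, ranges, versions and lockfile entries are constructed samples, not a real project. It flags every npm dependency range that can drift to a newer release than the one you last reviewed, and shows what the lockfile currently resolves each one to.

```javascript
// Added example (not code from the video or from colors.js / faker.js): audit an
// npm manifest for version ranges that let `npm install` resolve to a release
// published after the dependency was last reviewed, and report the lockfile pin.

// Constructed sample package.json for a hypothetical project (not a real one).
const SAMPLE_MANIFEST = {
  name: "sample-app",
  dependencies: {
    colors: "^1.4.0",     // caret: any 1.x >= 1.4.0, so the next patch release is pulled in
    faker: "~5.5.0",      // tilde: any 5.5.x
    express: "4.17.1",    // exact version: resolution cannot drift
    lodash: "*",          // anything the registry serves
    "left-pad": ">=1.0.0",
    chalk: "latest",      // a dist-tag, re-resolved at every install
  },
  devDependencies: {
    jest: "27.x",
    mocha: "9.1.3",
  },
};

// Constructed sample package-lock.json in the lockfileVersion 2/3 "packages" layout.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "sample-app" },
    "node_modules/colors": { version: "1.4.0" },
    "node_modules/faker": { version: "5.5.3" },
    "node_modules/express": { version: "4.17.1" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/chalk": { version: "4.1.2" },
    "node_modules/jest": { version: "27.4.7" },
    "node_modules/mocha": { version: "9.1.3" },
    "node_modules/jest/node_modules/chalk": { version: "4.1.0" }, // nested copy, not top level
  },
};

// A bare semver version (optionally with prerelease/build suffix) is exact: npm
// never substitutes another release for it.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Returns null for an exact pin, otherwise a short reason the range can drift.
function classifyRange(range) {
  const r = String(range).trim();
  if (EXACT_VERSION.test(r)) return null;
  if (/^(git(\+|:)|github:|https?:|file:|npm:)/.test(r)) return "non-registry or aliased specifier";
  if (r === "" || r === "*" || r === "latest") return "unbounded: any published version";
  if (/^[~^]/.test(r)) return "caret/tilde: newer minor or patch releases accepted";
  if (/[<>]|\|\|| - /.test(r)) return "comparator or hyphen range";
  if (/\bx\b|\*/i.test(r)) return "wildcard component";
  return "dist-tag or unrecognised specifier, resolved at install time";
}

// Every dependency whose range is not an exact version, across all sections.
function auditManifest(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(manifest[section] || {})) {
      const reason = classifyRange(range);
      if (reason) findings.push({ section, name, range, reason });
    }
  }
  return findings;
}

// Top-level resolved versions from a lockfile; nested (transitive) copies are skipped.
function resolvedVersions(lock) {
  const out = {};
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (!path.startsWith("node_modules/")) continue;   // root entry or workspace
      const name = path.slice("node_modules/".length);
      if (name.includes("node_modules/")) continue;     // nested under another package
      out[name] = entry.version;
    }
  } else if (lock.dependencies) {                        // lockfileVersion 1 layout
    for (const [name, entry] of Object.entries(lock.dependencies)) out[name] = entry.version;
  }
  return out;
}

// Combine both views: which ranges can drift, and what each resolves to right now.
function report(manifest, lock) {
  const locked = resolvedVersions(lock);
  return auditManifest(manifest).map((f) => ({ ...f, locked: locked[f.name] || "(not in lockfile)" }));
}

// Usage: node audit-ranges.js [package.json] [package-lock.json]; with no
// arguments the constructed samples above are audited.
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const manifest = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], "utf8")) : SAMPLE_MANIFEST;
  const lock = process.argv[3] ? JSON.parse(fs.readFileSync(process.argv[3], "utf8")) : SAMPLE_LOCK;
  for (const f of report(manifest, lock)) {
    console.log(`${f.section}/${f.name}: "${f.range}" -> ${f.reason}; lockfile has ${f.locked}`);
  }
}
```

Two caveats a reviewer should keep in mind: an exact range in package.json only pins that direct dependency, so transitive packages are held in place by the lockfile alone; and the lockfile only protects a build that honours it, which `npm ci` does (it installs exactly what is recorded and refuses to run if the lockfile disagrees with package.json) while `npm install` may rewrite it.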
--------------------------------------------------------------------------------------
📚 BOOKS:
🚨 MY NEW BOOK! 👉 📖 Dave’s NEW BOOK "Modern Software Engineering" is now available on Kindle ➡️ https://amzn.to/3DwdwT3
(Paperback version available soon)
In this book, Dave brings together his ideas and proven techniques to describe a durable, coherent and foundational approach to effective software development, for programmers, managers and technical leads, at all levels of experience.
📖 "Continuous Delivery Pipelines" by Dave Farley
paperback ➡️ https://amzn.to/3gIULlA
ebook version ➡️ https://leanpub.com/cd-pipelines
📖 The original, award-winning "Continuous Delivery" book by Dave Farley and Jez Humble ➡️ https://amzn.to/2WxRYmx
NOTE: If you click on one of the Amazon Affiliate links and buy the book, Continuous Delivery Ltd. will get a small fee for the recommendation with NO increase in cost to you.
-------------------------------------------------------------------------------------
Also from Dave:
🎓 CD TRAINING COURSES
If you want to learn Continuous Delivery and DevOps skills, check out Dave Farley's courses
➡️ https://bit.ly/DFTraining
📧 JOIN CD MAIL LIST 📧
Keep up to date with the latest discussions, free "How To..." guides, events, online courses and exclusive offers. ➡️ https://bit.ly/MailListCD
-------------------------------------------------------------------------------------
LINKS:
Description from Sonatype ➡️ https://blog.sonatype.com/npm-libraries-colors-and-faker-sabotaged-in-protest-by-their-maintainer-what-to-do-now
Open Source Software (Wikipedia) ➡️ https://en.wikipedia.org/wiki/Open-source_software
“The Cathedral and the Bazaar” ➡️ https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar
Faker email ➡️ https://marak.com/blog/2021-04-25-monetizing-open-source-is-problematic
Best practices for using open source software ➡️ https://snyk.io/blog/open-source-npm-packages-colors-faker/
GitHub security Advisory ➡️ https://github.com/advisories/GHSA-5rqg-jm4f-cqx7
Bomb making ➡️ https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/
“Fork this or pay me” ➡️ https://news.ycombinator.com/item?id=25032105&p=2
Open Source Definition ➡️ https://en.wikipedia.org/wiki/The_Open_Source_Definition
Business Models for OSS ➡️ https://en.wikipedia.org/wiki/Business_models_for_open-source_software
How to support OSS ➡️ https://opensource.com/article/19/4/ways-support-sustain-open-source
-------------------------------------------------------------------------------------
CHANNEL SPONSORS:
Equal Experts is a product software development consultancy with a network of over 1,000 experienced technology consultants globally. They increase the pace of innovation by using modern software engineering practices that embrace Continuous Delivery, Security, and Operability from the outset ➡️ https://bit.ly/3ASy8n0
Harness helps engineers and developers simplify and scale CI/CD, Feature Flags and Cloud Cost Management with an AI-powered platform for software delivery. ➡️ https://bit.ly/3Cfx3qI
Octopus are the makers of Octopus Deploy, the single place for your team to manage releases, automate deployments, and automate the runbooks that keep your software operating. ➡️ https://octopus.com/
SpecFlow: Behavior Driven Development for .NET. SpecFlow helps teams bind automation to feature files and share the resulting examples as Living Documentation across the team and stakeholders. ➡️ https://go.specflow.org/dave_farley
----------------------------------------------------------------------------------------