The Register recently published a story titled Putin on the code: DoD reportedly relies on utility written by Russian dev. They should be ashamed of this story. This poor open source developer is getting beat up now to score some internet points. It’s very upsetting.
But anyway, let’s look at some receipts.
If you’re not real smrt, it seems like pointing out an open source project is written by one person in a country you don’t like is a bad thing. It could be. But it also could be the software running THE WHOLE F*CKING PLANET is written by one person. In a country. But we have no idea which country. It’s not the same person mind you, but it’s one person.
https://opensourcesecurity.io/2025/08-oss-one-person/
So what do we mean by one person is open source. What I mean is if we look at all the projects that ecosyste.ms is tracking, how many have a single person maintaining that project? It’s about 7 million.
7 million projects of the 11.8M projects tracked by ecosystems are maintained by one person.
Looking at NPM in particular:
About half of the 13,000 most downloaded NPM packages are ONE PERSON.
In conclusion:
Open source, the thing that drives the world, the thing Harvard says has an economic value of 8.8 trillion dollars (also a big number). Most of it is one person. And I can promise you not one of those single person projects have the proper amount of resources they need.