“A recent analysis accounting for nearly 1.2 million open source software projects primarily across four major ecosystems found that only about 11% of projects were actively maintained,” reports InfoWorld:
In its 9th Annual State of the Software Supply Chain report, published October 3, software supply chain management company Sonatype assessed 1,176,407 projects and reported an 18% decline this year in actively maintained projects. Just 11% of projects — 118,028 — were receiving active maintenance.
The report also found some new projects, unmaintained in 2022, now being maintained.
The four ecosystems included JavaScript, via NPM; Java, via the Maven project management tool; Python, via the PyPI package index; and .NET, through the NuGet gallery. Some Go projects also were included. According to the report, 18.6% of Java and JavaScript projects that were being maintained in 2022 are no longer being maintained today.
Other interesting findings:
- Nearly 10% reported security breaches due to open source vulnerabilities in the past 12 months.
- Use of AI and machine learning software components within corporate environments surged 135% over the last year.