Hey everyone,<p>My name is Thomas, one of the original founders of cdnjs along with Ryan (linked below by another commenter).<p>We originally posted cdnjs on Hacker News in 2011 -> <a href="https://news.ycombinator.com/item?id=2828516" rel="nofollow">https://news.ycombinator.com/item?id=2828516</a><p>The project was originally created on AWS Cloudfront, Ryan and I thought we could handle the bills. In retrospect that was incredibly naive so we were fortunate to partner with Cloudflare.<p>At the time, cdnjs was a baby, Cloudflare had just started entering the market.<p>In short, Cloudflare always owned the domain, cdnjs.cloudflare.com, meaning, we were constrained to work under the DNS level.<p>We have both put considerable amounts of work into the project, but nothing compared to the community and the "core" contributors. I put "core" into quotes because for the last 5 years, cdnjs has largely been run by a highly dedicated man named Peter.<p><a href="https://github.com/PeterDaveHello" rel="nofollow">https://github.com/PeterDaveHello</a><p>Peter built enormous amounts of infrastructure to support cdnjs. He is extremely diligent, intelligent and determined.<p>The project was Ryan's and I "baby" but we were happy to relinquish control, sorry for all the "buts", but we were not in a position to control due to the technical and commercial reasons.<p>Ryan and I have never personally profited off the project, we've only paid bills and late night ssh sessions.<p>Conversations are underway to move forward, it is likely that the project will move to an unpkg setup (assets are just mirrored to npm).<p>A lot to say, but I'm at a lack of words.<p>Happy to answer any and all questions.
I am a former maintainer / librarian on cdnJS. I helped out some years ago when I wanted to learn how version control and git worked. This was in the pre-automation era (2013 to 2014 in my case), and I went through the existing libraries to find outdated instances, located new versions of the same, raised the PR to update it. All good.<p>Back then, and I don't know how much has changed, the libraries were maintained on GitHub and CloudFlare did the hosting. I wasn't aware of any problems with either organisation doing what they were doing, the system worked just fine. The founders (see <a href="https://cdnjs.com/about" rel="nofollow">https://cdnjs.com/about</a> for confirmation) Thomas and Ryan were around, but not super active. Thomas was involved in building out some of the automation infrastructure, but the day-to-day of updating the repo was largely undertaken by the maintainers, and that was fine. I never 'met' either founder, but we had occasional email back and forth and they were grateful for my maintainer-ing.<p>I used the GitHub Mac app because I was finding my way. Whenever I changed any library, the action of the app checking a HUGE repo for any changes pegged my laptop for a few minutes every time. Not ideal, but the process of doing this librarian-ing helped me learn about a heap of stuff.<p>According to [1] I stopped on cdnJS mid-2014. Things got a bit twitchy for me when a library (edit: jPlayer) was pulled from the file structure because it was compromised (edit: XSS) or found malicious at release. I had a couple of user complaints directed at me because I was the one that added it in good faith originally (it passed the malware checks I ran on it). The founders stepped up to explain it wasn't me that was to blame, and one person didn't take that too well -- basically they found me on other software forums, posted threats to me and explained how the library that I had added, and someone else had removed, was crucial to their business and they'd lost such-and-such dollars in revenue with that library 404-ing without notice and that they were coming to find me and extract the money from me by force. It all died down a few weeks later.<p>[1] <a href="https://github.com/petecooper?tab=overview&from=2014-12-01&to=2014-12-31" rel="nofollow">https://github.com/petecooper?tab=overview&from=2014-12-01&t...</a><p>Edits: clarity.
There's a lesson here for anyone who dreams of getting famous maintaining something in the open source world - if it grows huge and you're not willing to share control (and fame, and maybe money) you can't take really a break from it. You will always have to be there or risk losing it very quickly.<p>Software development at scale is about much more than code. It's about maintaining relationships with people, being willing to trust other people can do good work without your input, and sharing responsibility for what you started. All the really awesome open source projects have people who are good at those things at their core.
I guess the lesson to learn here is that you shouldn't rely on externally hosted assets. Just host it yourself, its not that hard. If you're concerned about the bandwidth cost, you should probably charge more for the service your providing.
Hello from Cloudflare! We're involved with CDNJS as we host the CDN-part of the project. We will support CDNJS and the sites which rely on it, period. If your site uses CDNJS you can trust it will continue to be fast and functional.<p>We have engineers currently working with the CDNJS team to get updates happening again. Once that is done we will start to think about the best way to keep CDNJS updating without requiring as much human intervention in the future. Thanks for your patience and feel free to ask any questions here.
This is why I recommend jsDelivr instead: <a href="https://www.jsdelivr.com/" rel="nofollow">https://www.jsdelivr.com/</a><p>It's a free CDN that automatically pulls from NPM or Github based on repo URL without any submission/approval bottlenecks. It's also more robust with multiple CDN and DNS providers.
Looks like the "founder" is <a href="https://github.com/ryankirkman" rel="nofollow">https://github.com/ryankirkman</a>.
Doesn't look like he's MIA but rather distracted / doing something else.
Well, I've read the whole linked Issue and only then understood that it's not in fact CJDNS[1]. The latest commit there is Aug, 6, which is very frustrating. I'd love to see HN crowd paying more attention to such projects.<p>[1] <a href="https://github.com/cjdelisle/cjdns/" rel="nofollow">https://github.com/cjdelisle/cjdns/</a>
Really sad to see this, I remember relying on cdnjs at a few old jobs over the years. Hope they get this sorted.<p>If anyone is looking for alternatives, I created Pika CDN as a modern alternative for cdnjs/jsdelivr/unpkg. It runs off of npm (so no approval bottlenecks) and is 100% modern ESM (so you can `import` every package directly in the browser without a bundler).
<a href="https://www.pika.dev/cdn" rel="nofollow">https://www.pika.dev/cdn</a>
Hypothetical question - what if a "founder" of a widely adopted service like cdnjs becomes incapacitated or dead, is everyone supposed to just follow a fork or is there some kind of provision to hand over control to someone? How can the successor be chosen in such cases?
> No direct financial sponsorship (or any funding) for core maintainers to work on cdnjs<p>Unpopular opinion ahead: I find that demanding money after “voluntarily” contributing to an open-source almost offensive to the spirit of OSS. Money changes the incentives around a community project in an irreversible way. Note that the issue here has nothing to do with financial support.<p>EDIT: This is regarding the “core maintainers” comment in the linked thread, and not a judgement of anyone’s ability. I gave away years of my own time to open source projects earlier in my career. It was very rewarding in many ways, even financially - what I learned made me a lot better at my job.<p>Am I not allowed to be ok with that, and believe that a paid contribution model is not ideal for OSS?