As web developers, we heavily rely OSS packages. One popular example is Day.js, a JS lib for parsing, validating, manipulating, and formatting dates. It's a widely-used alternative to Moment, with over 17mil weekly downloads on npm.<p>A critical bug was discovered in Day.js (see: <a href="https://github.com/iamkun/dayjs/pull/2118">https://github.com/iamkun/dayjs/pull/2118</a>) causing incorrect date manipulation (add, subtract) when in UTC TZ. This could have severe implications for any project relying on Day.js for date-related functionality. However, the maintainer of the project appears to be unresponsive, leaving the bug unresolved and the future of the library uncertain.<p>This raises some important questions for our community:<p>- At what point should we consider a widely-used OSS project "abandoned" if the maintainer is unresponsive?<p>- Is forking the project the best solution, or should we first try to reach out to the maintainer through other channels?<p>- Are there established community guidelines around responsiveness expectations for widely-used OSS projects?<p>- What are successful examples of community-driven forks or maintenance after a maintainer stepped away?<p>I am very aware that many of these developers give their spare time for free for these projects, with little or no payment, and I am very thankful for all their work. This developer does get some money (a small amount?) through OpenCollective, and possibly also works for a company (in China?) that makes a UI library, which I think uses Day.js internally.