Open source libraries and packages are maintained by a single developer or group of developers. This work is generally unpaid and is often in addition to work the developer(s) may be performing as part of a full time job.
As a result of this, libraries are often abandoned, forgotten or simply fall by the wayside. Any packages that are abandoned are unlikely to receive updates, bug fixes or feature improvements.
Packages are deemed abandoned if they:
- Have not received updates in 2+ years
- Open issues exist in the issue tracker without a response from the package maintainer(s)
- Unmerged PRs exist that are largely ignored by the package author(s)
Abandoned packages are unlikely to receive updates. If a critical security issue is discovered, it may remain unresolved for the foreseeable future.
The impact to the package score is commensurate to the length of time the package has been abandoned. The longer a package is considered abandoned, the lower the package score will be.
Updated 6 months ago