
Pay the maintainers: responsible maintainership (and incentive to continue)

by Bill Nottingham on November 17, 2022


At Tidelift, we are interested in helping our maintainers thrive. Sometimes that means paying them to maintain their work. Sometimes it means helping them when they don’t want to be paid to maintain a project any more—here’s a recent example of this, starring the SockJS library.

What is SockJS?

WebSockets is a protocol for two-way communication between a client (such as a web browser) and a server (such as a web application) that allows for easier asynchronous and real-time updates. Many of the most interactive web applications are built on top of WebSockets, which was standardized in 2011.

However, not all browsers at the time supported it, and other pieces of internet infrastructure such as proxies sometimes interfered. In 2011, SockJS was created as a cross-browser JavaScript API that provided WebSocket-like behavior that could be used whether the underlying system supported WebSockets or not.

SockJS contains both a client and server implementation. It’s directly used by over 800 JavaScript packages, including both the Meteor and Next.js frameworks, and is downloaded over 11 million times per week. It’s important that SockJS stay maintained and secure for those platforms that are built on it.

How was SockJS maintained?

Eight years ago, Bryce Kahle took over maintainership of SockJS from the original author. He was using it in his day-to-day work, and it made sense to help out. In 2018 he signed up with Tidelift to support his work.

As SockJS was a fairly mature project, Bryce noted that the majority of his work recently was updating dependencies due to security issues—critical work to keep his downstream users safe.

A search for new maintainers

As time went on, though, circumstances changed. Bryce’s full-time job no longer involved working with JavaScript, and he described his SockJS work as being mostly on autopilot. In May of 2022, Bryce put out a call for a new maintainer to step in.

As of August, he had not found a new maintainer yet. He reached out to Tidelift noting that he was intending to stop maintenance of his SockJS packages. After some discussion, we amplified his call for new maintainers to our community of maintainers to see if someone would be interested in picking up maintenance.

The community steps up

Asif Saif Uddin is an open source Python developer, the maintainer of the Celery project, and has partnered with Tidelift since 2018. He saw the call for a new maintainer and responded to Bryce. When asked, Asif mentioned a few reasons why he picked it up:

  • It’s a popular package that needed another hand.
  • It was backed by Tidelift, so he was confident he would have support, and he had the motivation of being paid for maintenance (after years of maintaining projects for free).
  • It was a learning opportunity, and Bryce was very helpful with insights on the project.

Bryce worked to hand over maintainership, and Asif is now the upstream maintainer of the SockJS project. He has also signed up to continue partnering with Tidelift for SockJS maintenance.

Supporting each other

This is how open source should work—it’s OK that motivations change over time, and people should feel free to pick up and put down projects when it’s right for them. Tidelift is here to support maintainers—both when they are maintaining their packages, and also if they need to step down for whatever reason.

We’re thankful for the work that Bryce has done over the years, and thankful to Asif for stepping up to continue maintenance. When you support maintainers, everyone can benefit.
