A collaborative study by the Linux Foundation, the Laboratory for Innovation Science at Harvard, and software composition analysis providers highlighted the critical challenges and trends in the open-source software landscape, according to DevOps.
In the Census III of Free and Open Source Software – Application Libraries, an analysis of over 12 million software library observations, the organizations reported that 96% of codebases use open-source components. Popular npm packages such as React.DOM, React, Lodash, Axios, and Express ranked among the most widely used.
The report noted a significant increase in cloud-specific packages and growing adoption of memory-safe languages such as Rust. Meanwhile, migration from Python 2 to Python 3 continues to progress. However, challenges persist, including small contributor bases, which present a cybersecurity risk because a key maintainer's account is a single point of compromise that cybercriminals may target for account takeover. Legacy versions of packages also remain accessible, increasing the likelihood that known vulnerabilities in them are exploited. To address these issues, the study uses a security framework from the Open Source Security Foundation to rank the packages that require the most urgent attention.