Taxonomy of 20+ failure modes that kill open source projects, from ghost maintainers and corporate orphans to benevolent zombies and API rug-pulls.
Key Takeaways
The most common death is silent abandonment: no archive flag, issues piling up, indistinguishable from a long holiday until the silence becomes unambiguous.
“Benevolent zombie” is a new failure class: Dependabot bumps plus auto-merge plus scheduled coding agents keep contribution graphs green with zero human involvement, fooling all recency-based health scores.
Succession deadlock is structurally trapped: PEP 541 and npm’s dispute policy both take longer than forking and renaming, yet the original account holds publish rights no one else can access.
About 1.7% of npm and 4% of Packagist packages point at a source repo that no longer exists, and many are still being actively installed.
Transitive death is recursive: every failure mode on the list can propagate to dependents without anything changing in their own repos.
Hacker News Comment Review
Commenters added failure modes the article missed: “overconfident fork” that never gains critical mass, maintainer rage-quit triggered by unrelated parties trying to profit off the project, and the extractive-user trap where contributors never materialize.
The fork-as-remedy has a real blocker: some maintainers become hostile to forks, creating a deadlock where neither merging nor forking is viable.
The consensus answer to “what’s the smart way” is responsible sunsetting, though neither the article nor comments define a concrete process for it.
Notable Comments
@tomwheeler: Names “overconfident fork” as a missing category, citing OpenSSH, Jenkins, and LibreOffice as counterexamples where the fork won decisively.
