Stopping bad guys from using my open source project (feedback wanted)

Original link: https://evanhahn.com/stopping-bad-guys-from-using-my-open-source-project/

The author maintains a relatively popular open source package (over 200 million npm downloads in 2025) and is grappling with the exploitation of open source software by large corporations and potentially malicious entities. Influenced by recent articles that highlight the imbalance (companies profit greatly from free open source software while contributing little, and the tools get used for unethical purposes), they want to shift the open source ethos from "free for anyone to use" toward actively discouraging "bad actors" from using it. They are seeking advice on how to achieve this, questioning whether they need to move from the permissive MIT License to a different license, and exploring awareness-raising strategies such as a blog post or a note in the documentation. They are also considering the possibility of collective action among maintainers, as well as trying the approach out on smaller projects first. Ultimately, their goal is to contribute to responsible open source development and a fairer distribution of value within the ecosystem.

A developer is seeking feedback on preventing "bad actors" from using their open source project. The core problem is balancing the open source ideal of freedom and openness against the wish to restrict use by entities deemed harmful. Commenters generally point out that such restrictions are impractical. Licenses that try to define and prohibit "evil" uses are seen as a "poison pill" that may deter all users, including legitimate ones, because of the risk of adopting such software and the vagueness of the definition of "evil". Many argue that open source is a gift, and that trying to control how it is used fundamentally changes its nature, bringing it closer to source-available proprietary software. Some suggest alternatives such as copyleft licenses or explicit bans on commercial use, while acknowledging that these may limit adoption. Many commenters stress the inherent difficulty of defining "evil" within a legal framework and question whether the developer truly wants to embrace open source principles. Others share resources for learning about licensing options.
Original text

In short: I maintain a sorta-popular open source package, and I want to prevent big corporations and “bad guys” from using it. I want feedback on how to do this.

Open source and exploitation

I’ve been learning more about open source sustainability. More accurately, I’ve been learning more about how open source is exploited by large companies.

Some recent links that have influenced my view:

Overall, these ideas lead me to believe that the open source movement needs to see itself as in a larger social context. Can we shift the balance of power away from massive companies and their massive harms? Can we prevent Nazis from using our software? Should we even try?

What can I do to help?

I maintain a sorta-popular open source package. I say popular because it had over 200 million downloads in 2025 which I believe puts it in the top 0.1% of downloads on npm. I say sorta-popular because it’s not very well-known; it sits quietly in thousands (millions?) of projects, with most developers not thinking much about it. I’m not as powerful as Linus Torvalds at the helm of Linux, but I’m also not totally unknown.

But what can I do to help?

I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.

Anyone have any ideas? If you maintained a sorta-popular open source package, what would you do to help?

Some specific questions I have:

  • How can I bring more attention to this issue given the relative popularity of my project? Do I write a blog post? A callout in the documentation?
  • Should I change my project’s license? It currently uses the permissive MIT License. I remain unconvinced of the societal value of “freedom to run the program as you wish, for any purpose”, often called freedom 0. I don’t want to donate my work to the bad guys!
  • Would collective action be more powerful? If so, would other maintainers participate?
  • Should I “test” this with some of my less popular projects?

I would love your ideas. Feel free to email [email protected], message me on Signal, or contact me another way.