Massive growth in open source adoption in 2018

Read time 3min 00sec
The exponential growth of open source comes with an increase in vulnerabilities.
The exponential growth of open source comes with an increase in vulnerabilities.

While the fact that open source software uptake has been increasing in recent years is not news, the magnitude of this growth coupled with the speed at which it is occurring is surprising.

This is according to Liran Tal, author of a report published last month by open source security company, Snyk: The State of Open Source Security 2019.

The report draws on information from several public and private data sources, including a survey of over 500 open source maintainers and users, published reports by a variety of vendors, and data gathered by scanning millions of GitHub repositories and packages on public registries; and internal data from the Snyk vulnerability database as well as hundreds of thousands of projects Snyk monitors and protects.

"We've seen big technology players doubling-down on open source in 2018. In every registry we reviewed, we saw an increasing rate of open source libraries being indexed in every language ecosystem," Tal said.

All but one ecosystem, RubyGems, recorded double-digit growth in new libraries added to open source registries. Top of the pile was Maven Central with 102% growth, followed by PyPI with 40%, npm with 37%, and NuGet with 26%. At 5.4%, RubyGems' growth was significantly slower, but nevertheless still experienced an uptick.

"Open source package growth translates directly into user adoption, as can be seen when looking at the download numbers for various packages in different ecosystems," Tal explained.

When examining the Python registry, for example, the more than 14 billion downloads from PyPI in 2018 was more than double the 2017 download count of around 6.3 billion. And this number could actually be higher, given a glitch in the PyPI statistics gathering services in the first half of the year.

This number, however, is dwarfed by the number of downloads form the npm registry which is core to the entire JavaScript ecosystem. This has experienced steady growth, both in the number of packages being added, and the number of downloads over the years. In 2018, there were 317 billion downloads, with 30 billion in December alone.

The report also noted the increased adoption of Docker containers which, according to data obtained from Docker, had resulted in more than a billion container downloads every two weeks over the past year, bringing the total number of downloads to date to 50 billion, with more than a million new applications added into Docker Hub in 2018.

Add to this the fact that The Linux Foundation reported in 2018 that in total, open source contributors committed over 32 billion lines of code to the operating system.

However, this exponential growth of open source comes with a caveat: a growth in vulnerabilities. The report notes that a record 16 000 new open source vulnerabilities were disclosed in 2018, up from the 14 000 reported in 2017.

"With great open source adoption comes great responsibility and risk that need to be mitigated by anyone who owns, maintains or uses this code," Tal concluded.

See also