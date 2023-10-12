A recent analysis covering nearly 1.2 million open source software projects across four major ecosystems found that only about 11% of those projects were actively maintained.

In its 9th Annual State of the Software Supply Chain report, published October 3, software supply chain management company Sonatype assessed 1,176,407 projects and reported an 18% decline this year in actively maintained projects. Just 11% of projects—118,028—were receiving active maintenance.

The four ecosystems included JavaScript, via NPM; Java, via the Maven project management tool; Python, via the PyPI package index; and .NET, through the NuGet gallery. According to the report, 18.6% of Java and JavaScript projects that were being maintained in 2022 are no longer being maintained today.

Sonatype also found that open source projects that are consistently maintained outperform their less consistently maintained counterparts on critical best practices for software security.

The 62-page report blends public and proprietary data and analysis, including dependency update patterns for more than 400 billion Maven Central downloads and thousands of open source projects. It also incorporates survey results from 621 engineering professionals and security trends from the four major software ecosystems. Additional findings from the report: