The Linux Foundation and the Harvard Innovation Science Laboratory have listed the top open source application libraries.

The list is headed by lodash, react, axios, debug, @babel/core, express, semver, uuid, react-dom and jquery, libraries used by projects of all kinds, from Linux to the Apache web server, LibreOffice and many others.



The authors say that the data in this new report comes from the analysis of the code bases of thousands of companies, with data provided by Snyk, the Synopsys Cybersecurity Research Center (CyRC) and FOSSA. FOSSA is the only native open source management platform for developers, and has the largest license inventory and vulnerability database available. FOSSA was founded to provide the most relevant, real-time, end-to-end governance for all third-party code.

The list serves to show which open source application libraries, packages and components are in fact the most popular, and helps them stay alive.

The log4j logging package, for example, recently became a major security issue, affecting tens or hundreds of millions of devices and programs. It shows how important it is to have strong visibility into the software in use, so that it can be reviewed more carefully and its quality ensured at all times.

You have to understand which packages are the most critical to society so that you can proactively support them.

In creating the list, the authors discovered that there is a need for a standardized naming scheme for software components, that the complexities of package version control need to be cleaned up, that the number of contributors to certain projects needs to be expanded, that it is critical to improve individual developer account security, and that legacy software in the open source space needs to be cleaned up.

The list is available in this PDF document.