Next time your Node.js project runs npm install, take a look at the dependency tree. Somewhere in there, probably in dozens of places, you will find packages maintained by one person: Sindre Sorhus.
The numbers
1,100+ npm packages. Not a typo. Eleven hundred. These include got (HTTP requests), execa (process execution), globby (file matching), p-limit (concurrency control), ora (terminal spinners), slugify (URL slugs), and hundreds more.
Collectively, his packages receive billions of downloads per month. They are dependencies in projects from Microsoft, Google, Meta, and virtually every company that ships JavaScript.
What “unsung” really means
Everyone uses his code. Almost nobody knows his name. He does not work at a big company. He does not have a VC-funded startup. He is an independent open source maintainer living in Norway, funded through GitHub Sponsors.
Think about that. The person who arguably has the single highest dependency footprint in the JavaScript ecosystem pays his rent through voluntary donations from the people who depend on his work.
Why this is both beautiful and terrifying
Beautiful because it proves that one person with talent and discipline can create something used by billions of people. No team. No funding round. No permission needed.
Terrifying because if Sindre Sorhus decides to stop maintaining his packages, or gets sick, or burns out, a significant portion of the npm ecosystem starts to rot. Not immediately. Slowly. Security vulnerabilities go unpatched. Compatibility breaks accumulate. Dependencies that thousands of projects rely on become unmaintained.
We have seen this before. The left-pad incident was 11 lines of code and broke the internet for half a day. Sindre’s packages are 1,100 libraries deep.
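One way to measure this concentration in your own project, as an added example that is not code from the original post: a Node.js script that walks `node_modules` and counts distinct packages per declared `author`. It assumes an npm-style `node_modules` layout and treats the self-declared `author` field as a proxy for the maintainer; the function names and the sample manifests are constructed for illustration.

```javascript
const fs = require('node:fs');
const path = require('node:path');

// package.json "author" is either "Name <email> (url)" or { name, email, url }.
function authorName(manifest) {
  const a = manifest.author;
  const raw = typeof a === 'string' ? a : (a && a.name) || '';
  return raw.replace(/\s*[<(].*$/, '').trim() || '(no author field)';
}

// Collect every package.json under node_modules, including scoped and nested installs.
// Assumes real directories (npm layout); symlinked entries are skipped.
function readManifests(dir, out = []) {
  if (!fs.existsSync(dir)) return out;
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const pkgDir = path.join(dir, entry.name);
    if (entry.name.startsWith('@')) { readManifests(pkgDir, out); continue; }
    try {
      out.push(JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8')));
    } catch { /* directory without a readable manifest */ }
    readManifests(path.join(pkgDir, 'node_modules'), out);
  }
  return out;
}

// Count distinct package names per author, largest footprint first.
function tallyByAuthor(manifests) {
  const byAuthor = new Map();
  for (const m of manifests) {
    if (!m.name) continue;
    const key = authorName(m);
    if (!byAuthor.has(key)) byAuthor.set(key, new Set());
    byAuthor.get(key).add(m.name);
  }
  return [...byAuthor]
    .map(([author, names]) => ({ author, packages: [...names].sort() }))
    .sort((x, y) => y.packages.length - x.packages.length);
}

// Constructed sample manifests, used only when no node_modules directory is found.
const SAMPLE = [
  { name: 'got', author: { name: 'Sindre Sorhus', email: 'x@example.com' } },
  { name: 'execa', author: 'Sindre Sorhus <x@example.com> (https://example.com)' },
  { name: 'execa', author: 'Sindre Sorhus' }, // same package installed twice (nested)
  { name: 'example-lib', author: 'Example Author' },
  { name: 'no-author-lib' },
];
const found = readManifests(path.join(process.cwd(), 'node_modules'));
for (const { author, packages } of tallyByAuthor(found.length ? found : SAMPLE))
  console.log(String(packages.length).padStart(5), author);
```

Run it from a project root after `npm install`; the top rows show which individual authors your build depends on most heavily.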
The open source sustainability question
Every tech company on Earth uses open source software. Very few pay for it. The gap between “this software is critical to my business” and “I should pay the person who maintains it” is one of the most uncomfortable truths in tech.
Sindre is not asking for sympathy. He chose this path. But the rest of us should ask ourselves: if we depend on someone’s work for our livelihoods, should that person have to depend on our charity for theirs?
Sindre Sorhus’s work is available at github.com/sindresorhus. If your company depends on his packages, consider sponsoring him.