The future of the hapi project, a prelude

[hueniverse]

First, there is an ongoing detailed and engaging conversation about this on the hapi-hour Slack channel. I am posting this issue here for those looking for the TL;DR version. I will keep this issue up to date with the latest information.

Background

Due to lack of sustainable financial support, I have decided to stop working on all @hapi open source modules by the end of the year. I have spent the past decade building what I believe to (still) be the best web framework for node. It has been a pleasure and a privilege.

For most of that time, I was able to sustain my significant time investment in the project through full time employment, sponsorships, and commercial license sales. However, over the past year that support has dropped significantly to unsustainable levels. I am no longer getting any value out of maintaining this project while continuing to generate immense financial value for major corporations using it.

I appreciate all the ideas and suggestions offered by community members as to how to try and keep my work sustainable. However, with very few generous exceptions, most developers and companies took this news without feeling any obligation to do anything about it other than to announce plans to switch to use another free framework or assume someone else will solve this for them with a fork. This is not a complaint, just the reality of open source.

It is unfortunate that companies are unable to translate the value they get out of hapi (in contrast with other solutions) and the cost of migrating to another framework and translate that into financial support.

Since at this point I have concluded that no last minute burst of support is likely, it is time to set a concrete plan for moving forward.

Community Leadership

A community effort to keep hapi going has been suggested and is being worked on by a few people. I am aware of at least one such group. I expect them to have something to share in the coming weeks. The goal is to have them start working on future versions over the next few months so that companies can evaluate the effort and decide if they want to continue using the open source version of the framework.

I will not be involved in any way in such efforts.

It is possible more than one community "fork" efforts will emerge including private forks. It is premature to say what interaction these forks will have with the official hapi account on GitHub and npm.

Next

Your options moving forward depend on the version you are using and if you feel comfortable using hapi if I am no longer involved.

Any release for a new community fork using the same module name will be a v20 even if it does not include any actual breaking changes. The fact that I will no longer be maintaining it is a social breaking change that should be opted-in explicitly.

If you decide to switch to a future v20, you do not need any commercial license. You just keep using hapi the same as before under a new team. Whether this is something you are comfortable with is up to each company to figure out. I am not going to make any official endorsements or recommendations.

If you are using v18 or older, you are already using an unsupported and unmaintained framework. You should at least upgrade to v19 to buy a commercial license to access the fully maintained v16-v19 distributions.

I will continue to support the open source v19 until the end of the year and then deprecate it. There will be no releases of hapi v19 or older under the @hapi/hapi npm module starting next year. If you stay on v19 or older you will be using a potentially insecure framework. v17 and older already have critical security issues that have not been fixed under an open source license (commercial distributions are available).

Options

• Switch to another framework by the end of the year. I will not be making any suggestions.

• Wait to see how potential community forks perform and decide if you want to use them by upgrading to a v20 or switching to a new module name. Hopefully there will be some traction before the end of the year.

• Keep using the version you have today knowing that it will no longer be maintained at the end of the year (including lack of support for future versions of node). About 40% of current hapi users already use a deprecated and insecure version - unfortunate but true.

• Buy a commercial license (available for hapi v16, v17, v18, and v19) and continue using your current version with full support including security fixes and future node versions. Commercial support is being offered at $5000/year or $500/month. The commercial license is the same BSD-3 license (you pay and get BSD terms which allow you to do anything you want with the code, same as open source, just not free). Commercial license terms are still being worked on but email eran@sideway.com if you are interested (or DM me on Slack).

Sponsorship

I great appreciate any financial support. If you would like to support my work between now and the end of the year, please consider making a GitHub sponsors contribution. I will cancel all contributions at the end of the year when I plan to stop all my open source work.

Job opportunities

I am not sure yet what I want to do next, but I am looking for new opportunities and would love to hear from you if you have ideas... eran@sideway.com

Note

This issue is not meant as an open discussion. If you have questions about the above and would like clarifications, please feel free to post a comment. However, any mention of other frameworks or general chatter will be removed to keep this space approachable to people who just want to get a quick update.

[timcosta]

It's great to hear that there will be a community effort to continue working on Hapi, though you will be missed Eran. If that community is looking for additional help, please reach out either in hapi-hour or via the email in my profile. I'm happy to contribute many hours per week.

[davidjamesstone]

Just want to echo @timcosta. It's sad to see Eran departing - thanks a million & good luck with whatever you choose to do next. It's great to hear about a community effort and I'd be happy to help. I'm familiar with the internals of some of the core ecosystem and comfortable with @hapi/bell, @hapi/vision, @hapijs/h2o2 & @hapi/yar - happy to contribute if needed.

[Icehunter]

@hueniverse you've been an inspiration in my development world. Thank you again. While I'm working quite a bit myself; I can give up to 5-10 hours a week at most I think to help with PR reviews, discussions, etc.

[AndriiNyzhnyk]

@hueniverse really sad to hear it. Anyway, good luck with whatever you choose to do next. I going to contribute to the project and help with development. I am going to do my best for it. I hope the new core team will solve all challenges and keep Hapi as the best framework for Node.js!

[giovanebribeiro]

First of all, thanks for your amazing contribution @hueniverse. Because of hapi (and your ecosystem) I've become a much better backend developer and a node enthusiast.

Good luck with your next projects and I will be very happy to contribute to this great community if needed.

[tunnckoCore]

It's terrible... But yea, that's Open Source - never will be sustainable, never will be fully understood, never will appreciate the people behind it. You may value the product, the software, and using it, but a ton of users don't even know, for example, the author, the maintainers, the people behind...

I'm constantly talking to different people for Open Source, normal people, people that are not IT or something. They just don't get it, don't understand how this is possible, why the heck we are doing it, and yet it's fact that 99% of the world is (quite literally) driven by it. The thing is, that we are orders of magnitude better and more good people, in general. We are good persons, good people, super passionate people. Not everybody can do good, constantly and consistently, for years; or just for the sake of doing it 'cos for at least your own joy.

It's a broken system and idea or lifestyle, by definition. There's no way of "fixing" it, as "sustainable open source" started to be discussed a ton in the last ~2 years.
Be good. Do good. Be kind. That's it, nothing else matters.

I'm not surprised. I was just thinking in the past year is Hapi's model working and thought it is, but it obviously is not.

I'm not using Hapi, but I feel you as an Open Sourcerer for 6+ years.
But good luck, man, sincerely!

[devinivy]

The conversation starting from here has been moved to 👉 #4113

👋 Hey all— I'm here to represent this crew that Eran has been referring to. We're here to carry hapi into 2021 and beyond, and we want to share our vision with you. Let me first say that we are feeling very positive about the future of the framework and are energized to work on it, in some cases with material backing by our employers.

Our group consists principally of core team members (former lead maintainers of hapi's direct dependencies), and members of the original team that built hapi at Walmart. It is heartening to see so much support pouring out right now— many folks have made it clear that they are interested in spending time contributing to the framework. We want to enable that: this is completely in line with our plans and we look forward to making hapi more of a community effort, but more on that later.

Within this small group you will find a former hapi Community Lead and Chief Architect at npm; a member of the Node.js TSC and libuv maintainer; several engineers working on major projects at Joyent; the finger that famously pressed "the button" on Walmart's Black Friday hapi deployment; several who provide B2B services utilizing the framework; and the creator of hapi pal, an entire sub-ecosystem of hapi. We lived hapi's history, we are aware of the pain points and blind spots, we understand all that there is to love about the framework, and we know you. Perhaps more importantly, if you've been active in the community then you probably know us! Here we are:

• Devin Ivy (@devinivy)
• Jonas Pauthier (@Nargonath)
• Lloyd Benson (@lloydbenson)
• Nathan LaFreniere (@nlf)
• Peter Henning (@petreboy14)
• Wyatt Lyon Preul (@geek)
• Colin Ihrig (@cjihrig)

This group of seven constitutes hapi's initial Technical Steering Committee (TSC). Yes that's right, we're going to have a TSC! That means that for the first time hapi is going to be taking a more distributed, community-driven approach to governance, in a similar vein to the Node.js organization. It is the TSC's job to provide technical direction, onboard collaborators, and facilitate consensus-seeking within the community. For practical reasons there is a smaller leadership team with exclusive rights to publishing new module versions: Colin, Nathan, and myself.

It's not all about making changes, though. To begin our focus will be to establish stability in maintenance and governance, making only minor adjustments along the way to achieve that goal. We'll be working closely with Eran leading up to the moment he steps away from hapi maintenance, and at that point we will release a new major version, more so to signal to the community this change in leadership than to make any significant API adjustments. Here are some things that we intend to keep, not necessarily an exhaustive list:

• Stability: no, we're not here for a rewrite.
• No external dependencies: this organization remains a safe haven from the broader node ecosystem.
• 100% code coverage: we aim to hit all code branches with integration-style tests.
• Security disclosure policy: we will continue to encourage and practice responsible disclosure.
• Close following of semver: if there is a breaking change, we'll make sure you know about it.
• Quality of release notes and migration guides: when there are changes, we won't leave you hanging.

We want to keep what's making hapi what it is today but we also have visions for the future for what hapi could become. We're looking forward to all the cool stuff we'll be adding to the project and we're excited for you to help us with that.

And for now that is the "short" of it. Hopefully this gives you a much better sense of who is working to carry hapi forward and what to expect. We understand that there are likely lots of questions coming our way. It is still relatively early in this process and there are still many details to work out, but we will try to speak to those to the best of our ability at this time! Please bear in mind this is still open source, and while we will have some employer support in the near future, this is still a community effort with lots of personal time invested as well.

That is all for now! Expect to hear more in the coming weeks and months— we hope you'll be there with us.

The conversation starting from here has been moved to 👉 #4113

[rodoabad]

Yahoo! Twitter wasn't trolling me!

[devinivy]

Hey, it's great to see all the positive reactions!

@hueniverse has requested we move the rest of the conversation over to a new issue, starting from the announcement above. We'll carry-on at 👉 #4113.