The September 2025 open letter "Working Together Towards Sustainable Open Source" raised the alarm about the economic sustainability of open source package registries, highlighting how rising adoption and the pace of innovation are placing new and growing pressures on them. Those pressures have only accelerated since the letter, amplified by the adoption of AI coding agents and tools.

But what are the real economics of an open source package registry? Beyond obvious infrastructure costs, there’s significant, often invisible work required to keep registries running, and it is carried out by a small number of staff and volunteers. It’s more than just uploads and downloads. It’s strengthening security as threats evolve, continuously improving the developer experience, and more.

To ensure long-term sustainability, the registries have formed a Sustaining Package Registries Working Group hosted by the Linux Foundation to collaborate on and share community-aligned strategies and offerings. The right set of strategies will vary by registry and evolve over time, and some registries have already rolled out new approaches.

Behind the Scenes of a Package Registry

Registries today run primarily on two things: (1) infrastructure donations and credits; and (2) heroic efforts from small paid teams (themselves funded by donations and grants) and unpaid volunteers who operate and maintain registry services. The bulk of donations and grants comes graciously from a small set of donors who care about the value of package ecosystems, but even these donations don’t scale with the demands on the registries.