Unpkg, a content delivery network (CDN) that powers more than 4 billion requests per day, went down for several hours on Friday morning. The outage broke the thousands of websites that use the open-source CDN, leaving developers scrambling for a fix.
The outage appeared to have started around 4AM ET, with sites returning a 520 error from Cloudflare, which powers Unpkg. Many developers affected by the outage switched to jsDelivr, another open-source CDN for GitHub and the package manager npm, in order to keep their sites online. Unpkg started coming back online at around 9AM ET. That’s when Fly.io — the service that Unpkg’s origin server uses to provide auto-scaling infrastructure — announced that it “deployed a fix” to recover affected sites.
Even though the outage was resolved within hours, it marks yet another example of how fragile the volunteer-led coding ecosystem is. In late March, a developer discovered a malicious backdoor in the data compression tool XZ Utils. Popular Linux distributions, such as Red Hat and Debian, incorporate the tool, leaving a ton of systems at risk. Fortunately, the flaw was uncovered before the bad actor could carry out a massive cyberattack.
Much of the web is dependent on open-source projects run by developers who don’t even get paid. So, if you know an open-source dev, maybe treat them to a cup of coffee today.