When code reviews feel hostile: One dev's journey.

April 04, 2026

Code reviews can feel hostile when perfectionism and anxiety collide. This week we're hearing how one developer with no plans to join an OSS community found npmx, and how one imperfect PR and a brilliant community completely changed her perspective on code reviews. We're also exploring what open source maintainers actually need (CodeRabbit pledged a million dollars in cash), examining how projects must adapt to the AI coding era, learning why software needs patchable architectures before vulnerabilities hit, and playing with Linux's most useless command.

This is edition #57 of the We ❤️ Open Source newsletter. Made and curated by real humans.🙂 

DevOps Days is Coming to Raleigh!

April 30 - May 1.

We're thrilled to announce DevOps Days will take place in Raleigh April 30 - May 1. Many in our community have attended, but many have not. It is highly recommended. Devopsdays is a worldwide series of technical conferences covering topics of software development, IT infrastructure operations, and the intersection between them. Each event is run by volunteers from the local area.

Articles

The open source communities that thrive in the AI era will be the ones that treat these files as seriously as they treat their test suites, their linters, and their CONTRIBUTING guides. Not as a nice-to-have detail, but as a first-class project artifact that encodes what the project stands for, and that ensures every AI agent touching the codebase - whether contributing or reviewing - understands that too.

WHY WE ❤️ IT: This timely article addresses a topic MANY in our community are discussing today, and the great Mark Headd is just the person to do it.

Code reviews can be rough, especially when perfectionism and PR anxiety collide. One developer had no plans to join an OSS community until npmx changed that. What followed was one imperfect PR, a brilliant community, and a whole new take on code reviews. Read her story.

WHY WE ❤️ IT: This article is a real-life case study based on Abbey's recent personal experience. The "Tips for PR authors and reviewers" section is particularly powerful because of it. Added bonus... Abbey is an amazing technologist!

Most organizations struggle with dependency vulnerabilities because their software was never designed to be patched. Artem Karasev explains why dependency debt is a security problem, not just an engineering concern, and how CISOs can advocate for patchable architectures before the next incident hits.

WHY WE ❤️ IT: We particularly love the "Designing for patchability early in the software lifecycle" section of this article. It addresses a common challenge we hear about often - unnecessary dependency sprawl.

What's in your technology toolbox?

The fortune command is completely pointless, but Learn Linux TV shows you how to have fun with it anyway. Generate random jokes, combine it with cowsay for penguin-delivered humor, and discover why this useless command actually makes a great addition to server login messages.

From the We ❤️ Open Source Podcast

CodeRabbit pledged a million dollars in cash for open source maintainers. Why cash over free tools? Erik Thorelli explains what 100,000 projects reveal about AI code review, how light agency layers augment developers without replacing them, and why tool exploration is the ultimate software engineering life hack.

Wrap Up

If you've made it this far (thank you!), check out everything we do, our YouTube channel with 1000's of open source talks, the many meetups we host around the southeast and NYC, the All Things AI spring event we co-host, and of course All Things Open, the largest open source tech conference on the US east coast.

We hope you learn something new this weekend!

- Jason & Todd

How did you like the newsletter?

Login or Subscribe to participate in polls.