Blog Post

Nutrient is committed to open source, and here’s why that’s not changing anytime soon

Claudio Ortolina
Illustration: Nutrient is committed to open source, and here’s why that’s not changing anytime soon

Hi everyone. I’m Claudio, the CTO at PSPDFKit. Earlier in this series, Jonathan, our CEO, did a fantastic job addressing some of the myths about open source and PDFium, which is the open source PDF engine our products are built upon. However, I want to provide a different perspective when clearing up common misconceptions about open source technology. So in this third installment of the Fact vs. fiction series, I’ll explore the tremendous assets available using open source.

Myth — Open source technology is too disorganized to maintain

We understand that to some people, open source projects might appear to be too convoluted because of the sheer number of developers that can contribute to the codebase. The very concept could seem inherently unstructured, like an invitation to utter chaos. But that’s just not the case. This post will look at how open source can be run successfully by larger companies, but it’s also maintained quite well by smaller organizations.

Fact #1 — Open source brings clear visibility and open accountability to the table

Successful open source projects that have a strong community are paired with visible issue trackers, open discussion forums, and clear collaboration guidelines. PDFium, the open source project that we forked and support, follows this formula.

Quick explainer: Wrapping vs. forking — What’s the difference?

When working with open source projects, contributors have two options for how to leverage the source code: wrapping or forking. If you decide to wrap an open source library, you take the software as-is and embed it within your own product or service. It’s a short path to success; however, you don’t benefit from being an active participant within that community.

This approach has two major downsides: You limit yourself from helping to shape the future of the project, and you have no idea how to provide adequate technical support to your users, since you’re not a contributor to the project. This isn’t our approach.

In contrast, when forking a project, you take on the full responsibility of the project and how it operates within your software or service. By forking PDFium, we ensure it’s safe and secure for our clients and that it’s compatible with our suite of products and services. Over the years, we’ve enjoyed contributing bug fixes back to the project to the benefit of everyone (and not just our customers). This is why our code commits to PDFium are running in Google Chrome, Microsoft Edge, Brave, the Android operating system, and other products and services that you use throughout your day.

We’re fully able to support our users because we’re committers to the PDFium project itself — along with Google, Microsoft, and Dropbox.

PDFium: The beauty of open accountability

Take a look at the image below for an overview of the open issues (comprised of new features, tasks, enhancements, and bugs) for PDFium.

PDFium chart showing a list of issues organized by ID, type, status, priority, milestone, owner, summary and labels, and last date of modification

This is a great example of what I mean by visibility! Issues are open to the public, with distinct accountability and ownership of tasks. This type of visibility helps drive the success of the project, and it fosters trust among the contributors and users of PDFium (of which there are many).

I strongly encourage you to look at the stats for yourself. Since PDFium started as an open source project, and as of the date of writing, more than 1,900 issues have been created, and more than 75 percent are already closed.

So why are we supporting PDFium? It’s a mature open source project used by large companies (like Google, Microsoft, Amazon, and Dropbox), and it has code contributions from startups and individuals. As a result, PDFium has a healthy mix of participants contributing to the codebase, and each stakeholder benefits from shared research, security audits, bug fixes, and performance enhancements.

Any of the developers working at the companies that are working on (or with) the PDFium project can audit and improve the source code when it’s needed. Not only that, but because open source is a critical component of several pieces of high-volume software, it receives constant maintenance and updates — which brings me to my second point.

Fact #2 — We’re not alone; the business world functions on the back of open source technology

In the last Fact vs. fiction article, Jonathan covered some household names that incorporate open source software. This time around, let’s talk about more technical aspects of the benefits of open source and the many different places it shows up in the business world. In fact, I’d venture to say that the business world depends on open source technology on a regular basis.

Programming languages

At the end of the day, software needs to be written in some sort of programming language. Here’s an array (no pun intended) of languages, compilers, and runtimes that are open source:

  • Java/JVM

  • Many JavaScript runtimes

  • .NET runtime (C#, VB.NET)

  • Many C++ compilers

  • Python

  • PHP

  • Ruby

  • Swift

  • Kotlin

  • Rust

Web/UI frameworks

When you want to make an interactive website, you’re going to need to use a web/UI framework. In fact, almost every major web/UI framework is open sourced, but here’s a small sample you’re likely familiar with:

  • React

  • Next.js

  • Ruby on Rails

  • Django

  • Vue.js

  • jQuery

  • Angular

Databases

At some point, after you’ve received some data from a user (or a system), that data needs to be stored somewhere. Here are some popular open source databases:

  • MySQL

  • PostgreSQL

  • SQLite

  • MongoDB

  • MariaDB

Code editors, IDEs, and developer tooling

When a developer needs to write code quickly and efficiently, the tool of the trade is a code editor. And after the code is compiled or tested, it needs to be deployed somewhere. Here are some code editors and development operations tools that are open source:

  • VS Code

  • Eclipse IDE

  • Atom

  • The IntelliJ platform

  • Vim

  • Emacs

  • Kubernetes

  • Git

  • Docker

As you can see, in the business world, open source technology is not only unavoidable, but it’s literally the foundation. The world today wouldn’t be where it is without the cumulative contributions of open source software.

Summary: The benefits of PDFium

So now you’ve seen how pervasive open source technology is in the business world. However, let’s narrow things down a bit to focus on the direct benefits of PDFium.

  • The PDFium project has been stress tested by more than a trillion different documents, and it’s used in server, desktop, and mobile environments.

  • Anyone can audit and improve the PDFium source code wherever needed. Anyone!

  • By being a critical component of several pieces of high-volume software, it receives constant maintenance and updates.

  • It has a transparent vulnerability management process, with standardized escalation paths and publicly documented CVEs.

In other words, shared effort by all participants results in significant gains for everyone involved. In contrast, a closed-source engine can only be as safe or robust as the effort put in by the company that produces it. And unless the company has a public disclosure policy, there’s no way to determine how secure the technology is.

FAQ

What is PDFium and why is Nutrient committed to it?

PDFium is an open source PDF rendering engine that Nutrient uses to ensure high-quality, secure, and compatible PDF processing. Nutrient is committed to PDFium because it provides clear visibility, open accountability, and benefits from a large community of contributors including Google, Microsoft, and Dropbox.

What are the advantages of using open source technology like PDFium?

Open source technology like PDFium offers transparency, continuous updates, and collective security improvements. It allows multiple organizations and individual contributors to audit, enhance, and maintain the code, resulting in a robust and reliable platform.

How does Nutrient contribute to the PDFium project?

Nutrient contributes to the PDFium project by forking the code, ensuring it’s secure and compatible with its suite of products, and actively submitting bug fixes and improvements. These contributions benefit the entire community by enhancing the overall quality and security of the PDFium engine.

What are the differences between wrapping and forking open source projects?

Wrapping an open source project involves using the software as-is without active participation in its development, while forking involves taking responsibility for the project’s maintenance and contributing back to its development. Nutrient prefers forking PDFium to ensure direct involvement in its evolution and support.

Why is open source technology important for the business world?

Open source technology is crucial for the business world because it underpins many foundational software components, from programming languages to databases and development tools. It promotes collaboration, innovation, and transparency, making it a reliable choice for building and maintaining critical business applications.

Explore related topics

Share post
Free trial Ready to get started?
Free trial