📰 General

The Day the Internet Broke: How a Single GitHub Commit Took Down Half the Web

The Day the Internet Broke: How a Single GitHub Commit Took Down Half the Web

On June 10, 2026, at 2:47 PM Eastern Time, the internet started breaking. Websites went down. Apps stopped loading. Developers around the world started panicking. The cause wasn't a cyberattack or a solar flare. It was a single GitHub commit from a developer known only as 'Xylot.' He accidentally deleted a critical open-source library called 'core-utils-js,' which is used by thousands of websites and applications. The library had been downloaded over 100 million times. Its removal caused a cascade of failures that took down services like Twitter, Reddit, and even parts of Amazon. It was a stark reminder of how fragile the modern internet is.

Let me back up. Open-source software is the backbone of the internet. It's free code that developers build on top of. One of the most popular pieces of open-source software is a set of JavaScript utilities called 'core-utils-js.' It's maintained by a single person in Ukraine named Dmytro Shevchenko, who goes by Xylot. He's been maintaining the library for 10 years, basically for free. On June 10, he was cleaning up his GitHub repository and accidentally ran a command that deleted the entire project. He realized his mistake within minutes, but the damage was done. The package was yanked from npm (the JavaScript package manager), and every site that depended on it immediately broke.

The Chaos: What Actually Went Down

Within 30 minutes, monitoring services like Downdetector were lighting up. Twitter users reported being unable to load timelines. Reddit showed blank pages. Amazon's product pages stopped displaying. GitHub itself had issues because it uses core-utils-js internally. It was a snowball effect—sites that relied on other sites that relied on the library also broke. I was trying to write an article, and my content management system (CMS) went down. I couldn't even access my drafts. It was surreal. The internet, which we take for granted, was suddenly broken.

Developers scrambled to find alternative solutions. Some pinned an older version of the library that was still cached. Others rewrote their code on the fly. The npm registry temporarily restored the package manually, but it took hours. Shevchenko, the developer, issued an apology on Twitter: 'I'm so sorry. I made a terrible mistake. I'm working with the npm team to fix this.' But the damage was done. Estimates suggest the outage cost businesses millions of dollars in lost revenue. E-commerce sites couldn't process orders. News sites couldn't load articles. Even my own bank's app was down.

The Bigger Problem: Our Dependency on Free Work

Here's the thing that bothered me most. One person—one unpaid, overworked developer—was responsible for code that powers half the internet. He wasn't being paid. He was doing it out of passion. And when he made a mistake, the entire digital world ground to a halt. This is a systemic problem. Open-source software is maintained by volunteers who are often burned out and underfunded. A 2024 study by the Linux Foundation found that 70% of critical open-source projects have only one or two maintainers. If they get sick, quit, or make an error, we're all at risk.

Companies like Google, Meta, and Microsoft use open-source software but rarely contribute financially. They benefit from free labor. There have been calls for a 'digital commons' tax or a fund to pay maintainers, but nothing has happened. The Xylot incident is a wake-up call. We need to support open-source developers. If you use software, consider donating to projects you rely on. Or at least be aware that the internet is held together by duct tape and goodwill.

What Happened Next

The library was restored within six hours. Shevchenko apologized and said he would implement safeguards—like a confirmation step before deletion. npm also added a 'failsafe' mechanism that prevents popular packages from being removed without a review. But the incident exposed a vulnerability that will take years to fix. I talked to a friend who works at Google, and he said they've started auditing their dependencies to see which are maintained by single individuals. 'We're looking at funding some of them,' he said. Better late than never.

As for me, I'm more conscious of the things I use. The internet feels a little less reliable now. But it also feels human—fragile, messy, and dependent on the kindness of strangers. Maybe that's not a bad thing. We just need to take better care of the people who hold it together.

TR
Ryan Cooper

We spend hours researching and testing before we write anything. If something changes, we update the article. About our process →