On June 10, 2026, at 2:47 PM Eastern Time, the internet started breaking. Websites went down. Apps stopped loading. Developers around the world started panicking. The cause wasn't a cyberattack or a solar flare. It was a single GitHub commit from a developer known only as 'Xylot.' He accidentally deleted a critical open-source library called 'core-utils-js,' which is used by thousands of websites and applications. The library had been downloaded over 100 million times. Its removal caused a cascade of failures that took down services like Twitter, Reddit, and even parts of Amazon. It was a stark reminder of how fragile the modern internet is.
Let me back up. Open-source software is the backbone of the internet. It's free code that developers build on top of. One of the most popular pieces of open-source software is a set of JavaScript utilities called 'core-utils-js.' It's maintained by a single person in Ukraine named Dmytro Shevchenko, who goes by Xylot. He's been maintaining the library for 10 years, basically for free. On June 10, he was cleaning up his GitHub repository and accidentally ran a command that deleted the entire project. He realized his mistake within minutes, but the damage was done. The package was yanked from npm (the JavaScript package manager), and every site that depended on it immediately broke.
The Chaos: What Actually Went Down
Within 30 minutes, monitoring services like Downdetector were lighting up. Twitter users reported being unable to load timelines. Reddit showed blank pages. Amazon's product pages stopped displaying. GitHub itself had issues because it uses core-utils-js internally. It was a snowball effect—sites that relied on other sites that relied on the library also broke. I was trying to write an article, and my content management system (CMS) went down. I couldn't even access my drafts. It was surreal. The internet, which we take for granted, was suddenly broken.
Developers scrambled to find alternative solutions. Some pinned an older version of the library that was still cached. Others rewrote their code on the fly. The npm registry temporarily restored the package manually, but it took hours. Shevchenko, the developer, issued an apology on Twitter: 'I'm so sorry. I made a terrible mistake. I'm working with the npm team to fix this.' But the damage was done. Estimates suggest the outage cost businesses millions of dollars in lost revenue. E-commerce sites couldn't process orders. News sites couldn't load articles. Even my own bank's app was down.