is this project dead?

[creative-ae]

i was considering to start a new project using sails, however, seeing that the last update was in 2020, prevents me from using this project.

so the question is : is this project dead ?

[sailsbot]

@creative-ae Thanks for posting! We'll take a look as soon as possible.

In the mean time, there are a few ways you can help speed things along:

• look for a workaround. (Even if it's just temporary, sharing your solution can save someone else a lot of time and effort.)
• tell us why this issue is important to you and your team. What are you trying to accomplish? (Submissions with a little bit of human context tend to be easier to understand and faster to resolve.)
• make sure you've provided clear instructions on how to reproduce the bug from a clean install.
• double-check that you've provided all of the requested version and dependency information. (Some of this info might seem irrelevant at first, like which database adapter you're using, but we ask that you include it anyway. Oftentimes an issue is caused by a confluence of unexpected factors, and it can save everybody a ton of time to know all the details up front.)
• read the code of conduct.
• if appropriate, ask your business to sponsor your issue. (Open source is our passion, and our core maintainers volunteer many of their nights and weekends working on Sails. But you only get so many nights and weekends in life, and stuff gets done a lot faster when you can work on it during normal daylight hours.)
• let us know if you are using a 3rd party plugin; whether that's a database adapter, a non-standard view engine, or any other dependency maintained by someone other than our core team. (Besides the name of the 3rd party package, it helps to include the exact version you're using. If you're unsure, check out this list of all the core packages we maintain.)

---

Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.

For help with questions about Sails, click here.

[eashaw]

Hi @creative-ae,
No, Sails is not dead and is still maintained.
We recently celebrated the project's 11th birthday, and our last release was Sails 1.5.3 in August 2022.

You can read @mikermcneil's statement on the current state of Sails here: https://gist.github.com/mikermcneil/4e03180398298bd3bf22394a7b72d012

We also recommend checking out @mikermcneil's Sailsconf 2021 talk here: https://youtu.be/_T-UR9mU4-o

[sudo-apt-get-updates]

I've reported two vulnerabilities which really only require an update to the package.json to patch and never received a response after many months (and it's still not patched). Also there are multiple serious vulnerabilities with the client-side lodash library which can be viewed on Pagespeed, this has also not been patched. Most of the updates that are done are fixes to typos in the docs. Most of the updates to Waterline were done 3-5 years ago. And Sails.js core has 489 issues and in 2022 received about 19 updates (guess how many of them are updates to the docs)

I would say the project has been mostly abandoned. The Sails.js team seems to be working on FleetDM now.

[mikermcneil]

Hi folks! Thanks for your contributions.

Sails.js is alive

The Sails.js team seems to be working on FleetDM now.

Confirmed, at least for some of us. @eashaw and I are definitely working on Fleet.

We also maintain Sails.js.

Aside, shout-out: @DominusKelvin is also doing some great work in the community to make Sails.js easier to learn at https://sailscasts.com.

I would say the project has been mostly abandoned.

Thanks for sharing your perspective. I would disagree and say the project is mostly stable.

For example, we use Sails.js at Fleet, in production. Sails.js is also in use at Postman, Stripe, Amazon, and many others in production. Sails Flagship has current customers as well.

My Sailsconf talks in 2020 and 2021 have more info, and I'll be doing another talk at Sailsconf 2022. Hope that helps!

Why I'm locking this issue

I've been doing this open source thing for long enough now that I know how easy it can be for "foo is dead" issues to cause confusion and further questions, which can be a merry-go-round of misunderstandings and time investment for everyone involved, so I'm going to go ahead and close and lock this issue. (Please feel free to link to this reply for similar issues that open in the future!) If anything changes, I will let the community know. But to be clear, Eric and I are committed as ever to making sure critical bugs and vulnerabilities are addressed quickly, and we have a strong incentive to do so.

Sails continues to be the best way I know how to build scalable, maintainable apps quickly.

Re: issue #7228 specifically

I've reported two vulnerabilities which really only require an update to the package.json to patch and never received a response after many months (and it's still not patched).

Hi @sudo-apt-get-updates, Eric and I took a look at your issue months ago.

Unfortunately, we missed the step of following through on the response we planned to share with you in your issue. Sorry about that!

Fortunately, we did prioritize and then take action in relation to your issue at that time. We decided not to patch, and instead to update the docs. Since Sails.js applications are not typically deployed in the web root of Java applications, and since the best practice for Sails apps is to use S3 or another more scalable solution for file uploads (rather than uploading to disk, which only works easily for single-instance deployments)

This response closes #7228.