If one needs to work with pdf in a JS environment one will sooner or later cross paths with pdf-lib. I noticed the last release was almost 5 years ago and the maintainers git contributions stopped at the same time. There is a second github account under the same name but the last contribution was in 2024.
Also his personal homepage (https://andrewjdillon.com/) seems to be no longer under his control, the certificate has a different CN and the websites domain is listed under the SAN (with a multitude of other domains).
If you're a serious user of this library and have time, consider forking the project, merging reasonable PRs from the original and giving some life support to it. I temporarily took over a project like that and "gave it back" after a few years when the original maintainer returned. I think it benefits everyone.
There appears to be no obvious plausible link between the SANs other than very obvious lack of plausibility to each website. They're mostly pretend (or knock-off) business websites in random countries (everywhere from Trinidad and Tobago, Germany, mainland USA, Hawaii...) in various languages and all the ones I checked have no verifiable substance to them. For example, one domain is a supposed USA shipping/logistics company whose website states they have 1949 customers and have only delivered 7126 packages, and claims a head office as a house in Renton WA, an office at a different house in Stockbridge GA and a supposed warehouse at a third house in Portland OR. Most domains don't include any valid contact or business information, even a supposed restaurant where you'd want people to find your location easily!
There does appear to be heavy use of Google Firebase, and many of the sites share the same IP address(es) for hosting. A reverse IP lookup of domains hosted at those IP addresses reveals more random suspicious domains beyond just those just listed at https://crt.sh/?q=andrewjdillon.com
Have you tried emailing him? He likely also owns hopding.com, and both domains consistently seem to be at Squarespace. The last commit on his GitHub (Feb 2025) someone commented "Good to see you're still with us :-)", so he may just not update things often.
True, I accidentally posted the date of the comment (1) not the commit. The only thing strange seems to be he used a smiley in the referenced commit message which doesn't seem to be his style.
Please don't call people randomly. Unless you're offering him a job which is what the resume is for...
When the linkedin is down, medium is left unattended, the personal domain is not working, we can reasonably guess he doesn't (or is unable to) care about the project or online presence anymore.
I think that's silly. Do we really live in an age where we feel it's better to simply not communicate with people in the slightest?
Give them a call, you're not harassing them. If they choose not to answer or call back a voice mail number, then you can presume they don't want to be contacted.
Before posting this idea online... Maybe, possibly, but personally I still think it's a bad idea.
After posting this on HN - no! If you think it's a good idea, so will other people reading this. (And others have before you) After the post reaches the front page - absolutely no - there's a bunch of socially awkward people already thinking about calling the author and they really should NOT DO THAT.
The author owes us absolutely nothing and if they want to disappear, that's their right. Calling them is demanding their time in a not trivial to ignore way. Just write an email that can be deleted async.
You are right: it is silly, but also, given the amount of robo-calls in the US, cold calling someone you don't know is a good way to be put on auto-spam.
If you really want to reach out, his email seems to be the way he prefers to be reached, so that's what I'd recommend.
> I think that's silly. Do we really live in an age where we feel it's better to simply not communicate with people in the slightest?
I agree it’s silly. But it’s also the prevailing view that I’ve seen.
I still answer calls, even if 95% of them these days are either phishing attempts or vendors trying to sell me stuff. But my friends will text me first and say “can I call you” even if I say they can just call.
If one needs to work with pdf in a JS environment one will sooner or later cross paths with pdf-lib. I noticed the last release was almost 5 years ago and the maintainers git contributions stopped at the same time. There is a second github account under the same name but the last contribution was in 2024.
Also his personal homepage (https://andrewjdillon.com/) seems to be no longer under his control, the certificate has a different CN and the websites domain is listed under the SAN (with a multitude of other domains).
If you're a serious user of this library and have time, consider forking the project, merging reasonable PRs from the original and giving some life support to it. I temporarily took over a project like that and "gave it back" after a few years when the original maintainer returned. I think it benefits everyone.
The SANs associated with https://crt.sh/?q=andrewjdillon.com are extremely suspicious. They reminded me straight away of https://ourbigbook.com/cirosantilli/cia-2010-covert-communic...
There appears to be no obvious plausible link between the SANs other than very obvious lack of plausibility to each website. They're mostly pretend (or knock-off) business websites in random countries (everywhere from Trinidad and Tobago, Germany, mainland USA, Hawaii...) in various languages and all the ones I checked have no verifiable substance to them. For example, one domain is a supposed USA shipping/logistics company whose website states they have 1949 customers and have only delivered 7126 packages, and claims a head office as a house in Renton WA, an office at a different house in Stockbridge GA and a supposed warehouse at a third house in Portland OR. Most domains don't include any valid contact or business information, even a supposed restaurant where you'd want people to find your location easily!
There does appear to be heavy use of Google Firebase, and many of the sites share the same IP address(es) for hosting. A reverse IP lookup of domains hosted at those IP addresses reveals more random suspicious domains beyond just those just listed at https://crt.sh/?q=andrewjdillon.com
Have you tried emailing him? He likely also owns hopding.com, and both domains consistently seem to be at Squarespace. The last commit on his GitHub (Feb 2025) someone commented "Good to see you're still with us :-)", so he may just not update things often.
Last account activity was 2024-07-08 to push changes to the personal website andrewjdillon.com.[1][2]
Last account activity to contribute to any to any repository was 2021-11-28 to comment on the hopding/pdf-lib repository.[2]
It's clearly now an unmaintained repository with 4+ years of inactivity, and likely now also a mostly unused GitHub account in general.
[1] https://github.com/Hopding/andrewjdillon.com/commit/0657c690...
[2] https://play.clickhouse.com/play?user=play#U0VMRUNUICogRlJPT...
True, I accidentally posted the date of the comment (1) not the commit. The only thing strange seems to be he used a smiley in the referenced commit message which doesn't seem to be his style.
(1) https://github.com/Hopding/Hopding.github.io/commit/40c7e0e8...
His phone number and email address are in his resume, so you could try to contact him
Please don't call people randomly. Unless you're offering him a job which is what the resume is for...
When the linkedin is down, medium is left unattended, the personal domain is not working, we can reasonably guess he doesn't (or is unable to) care about the project or online presence anymore.
You don't have to call them.
You can use WhatsApp, Signal, or SMS. Drop them a message, see if you get a reply.
I think that's silly. Do we really live in an age where we feel it's better to simply not communicate with people in the slightest?
Give them a call, you're not harassing them. If they choose not to answer or call back a voice mail number, then you can presume they don't want to be contacted.
> Give them a call, you're not harassing them.
Before posting this idea online... Maybe, possibly, but personally I still think it's a bad idea.
After posting this on HN - no! If you think it's a good idea, so will other people reading this. (And others have before you) After the post reaches the front page - absolutely no - there's a bunch of socially awkward people already thinking about calling the author and they really should NOT DO THAT.
The author owes us absolutely nothing and if they want to disappear, that's their right. Calling them is demanding their time in a not trivial to ignore way. Just write an email that can be deleted async.
You are right: it is silly, but also, given the amount of robo-calls in the US, cold calling someone you don't know is a good way to be put on auto-spam.
If you really want to reach out, his email seems to be the way he prefers to be reached, so that's what I'd recommend.
PS: He did some commits to his personal website about 1.5 years ago: https://github.com/Hopding/Hopding.github.io/commits/master
> I think that's silly. Do we really live in an age where we feel it's better to simply not communicate with people in the slightest?
I agree it’s silly. But it’s also the prevailing view that I’ve seen.
I still answer calls, even if 95% of them these days are either phishing attempts or vendors trying to sell me stuff. But my friends will text me first and say “can I call you” even if I say they can just call.
LinkedIn seems gone too https://linkedin.com/in/andrewjdillon
What if he/she doesn't want to be bothered any more or is not interested in it? Or whatever else?
Go clone the repo and work on it.
Why would you think he is not ok? Just linking to a GitHub repo he maintains doesn't really tell the story.
See https://news.ycombinator.com/item?id=46943866
Sounds like there's a fork where some maintenance is still going on:
https://github.com/Hopding/pdf-lib/issues/1720