[hinkley]

Code that hasn’t been touched gets forgotten. Even if it’s not accumulating new known security holes, and new performance or correctness deficits from not leveraging newer APIs.

It’s basically abandonware that is waiting for one major problem to render it obsolete. I don’t entirely agree with npm and GitHub ranking projects by recent activity, but they’re not entirely wrong either.

You can always be clarifying variable names or shoring up docs. Updating dependencies and keeping track of APIs without necessarily changing the fundamentals of the project.