Decorative image for blog on top open source frameworks
April 4, 2024

Top Open Source Frameworks From the State of Open Source Report

Open Source

In software development, frameworks play an important role. In the 2024 State of Open Source Report, we devoted a section to open source frameworks and saw some interesting variation from last year in terms of the results. Read on to see which open source frameworks are currently popular among developers and to get an update on AngularJS usage two years after it reached end of life. 

Back to top

Top Open Source Frameworks of 2024

This year, the top three open source frameworks are:

1. React.js
2. jQuery*
3. Angular 2 (or newer)

*While jQuery is technically not a framework, we felt it made sense to include it in this category as we have done in past years.

React.js for JavaScript development held on to the top spot and usage stayed the same compared to last year (25.84% vs. 25.69%). However, Spring Boot (for Java development), which was the 2nd most used framework last year, dropped 9 percentage points to 8th place. jQuery, also used in JavaScript development, moved from 3rd place to 2nd place, and Angular 2 (or newer) is now #3. 

Other notable data insights:

  • In the Al/ML/DL space, PyTorch usage grew for the third consecutive year. 
  • Of the six Eclipse frameworks we asked about, Eclipse Vert.x is the most popular (8.79% usage), followed by Eclipse VIATRA (7.92% usage). 
  • NET Framework/Core usage grew 3% over the past year.

Here's the complete breakdown:

Chart of open source frameworks from State of Open Source Report
Source: 2024 State of Open Source Report
Back to top

AngularJS Usage Update 

Despite being end of life, AngularJS is still in use in more than 16% (16.54%) of organizations, and nearly 22% (21.89%) of large enterprises. These numbers are very close to what we saw in last year's report.

About half (49%) of the organizations using AngularJS also have React.js, and nearly a third (31%) have Angular 2 (or newer). This indicates that organizations have other apps, but migrating or decommissioning applications with end-of-life (EOL) AngularJS perhaps requires time and/or resources not available right now. 

When we looked at the data by industry, it turns out that the top three industries using EOL AngularJS are banking, insurance, or financial services (26.82%); technology (21.22%); and education or research (15.85%). Banking is a highly regulated industry, so it's likely that some of these organizations have a third party vendor providing long-term support (LTS) since compliance regulations often require that EOL software be supported. AngularJS post-EOL LTS is the best way to protect your apps patches that address security vulnerabilities while you explore AngularJS alternatives

Protect Yourself from AngularJS CVEs with Long-Term Support Through 2030

OpenLogic provides LTS to help organizations manage their EOL AngularJS deployments and patch CVEs. 

Get Support Now

Speaking of AngularJS support, we asked a follow-up question this year just for respondents who indicated they were using AngularJS: 

Chart from State of Open Source Report
Source: 2024 State of Open Source Report

What jumps out here is that roughly 29% said “I don’t know” which suggests that these respondents are unaware of the risk or have no knowledge of their organization’s mitigation strategy (if one exists). Yet when we look at the answers by job title, 45% of those who said “I don’t know” are developers or engineers — presumably the individuals who would be responsible for fixing vulnerabilities.

Only the 32% who responded that they already have a vendor to provide patches or in-house support for CVEs are being proactive in terms of protecting their apps. The remaining 68% — who are either not patching, not scanning, waiting until there is a critical CVE to start the vendor procurement process, or simply “don’t know” — could be in big trouble if a high or critical severity CVE is disclosed. 

On February 10, a little over a week after the State of Open Source Report came out, a high-severity CVE impacting AngularJS was, in fact, disclosed: CVE 2024-21490, which is a ReDoS vulnerability. Hackers could exploit this CVE to cause backtracking and denial of service errors leading to degraded performance and/or downtime. The consequences of such an attack could be very serious, not to mention costly. 

Back to top

Final Thoughts

Open source frameworks are an essential component in software development. Fortunately, the communities behind the most heavily used frameworks are very active and committed to making website and application development easier and more efficient. 

Organizations should pay attention to updates and new releases and always aim to be on the latest version of their open source framework. If migrating off an EOL framework like AngularJS isn't an option right now, the added security of LTS can give you peace of mind while you figure out your next steps. 

Download the 2024 State of Open Source Report

For more insights on the top open source trends and OSS being used by organizations around the world today, get your free copy of the report via the link below.         

Get the Report 

Additional Resources

Back to top