Linux Foundation Announces the FAIR Package Manager Project for Open Source Content Management System Stability
The Linux Foundation | 06 June 2025
FAIR Package Manager project creates simplicity, security and consistency for the WordPress ecosystem; shared package repository now live for contributions
SAN FRANCISCO, June 6, 2025 — Today, the Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the FAIR Package Manager project, a federated and independent repository of trusted plugins and themes for web hosts, commercial plugin and tool developers in the WordPress ecosystem and end users. The FAIR Package Manager project, through its contributors, creates net new interoperability, making the web publishing ecosystem more innovative and accessible for all.
Vendor-neutral package management for content management systems like WordPress provides critical universal infrastructure that addresses the new realities of content, e-commerce and AI. The FAIR Package Manager project helps make plugins and tools more discoverable and lets developers choose where to source those plugins depending on the needs of their supply chain. By giving commercial plugin developers, hosts, and application developers more options to control the tools they rely on, the FAIR Package Manager project promotes innovation and protects business continuity.
“The FAIR Package Manager project paves the way for the stability and growth of open source content management, giving contributors and businesses additional options governed by a neutral community,” said Jim Zemlin, Executive Director of the Linux Foundation. ”We look forward to the growth in community and contributions this important project attracts.”
Features of the FAIR Package Manager project include:
- Eliminates reliance on any single source for core updates, plugins, themes and translations, enabling federation across the ecosystem from trusted sources.
- Advances WordPress’s alignment towards GDPR to improve privacy and security by dramatically reducing automatic browser data transmission and telemetry sent to commercial entities.
- Brings together a fragmented ecosystem by bringing together plugins from any source, not just a central source, while creating a foundation for modern security practices.
- Builds security into the supply chain, including improved cryptographic security measures, enhanced browser compatibility checking, and enabling reliance on trusted source security salts.
The project’s Technical Steering Committee is led by co-chairs Carrie Dils, Mika Epstein and Ryan McCue, all recognized experts in content management. Dils is an educator and prominent figure in the WordPress community, known for her advocacy and support of independent developers. Epstein, a longtime WordPress contributor and former manager of the plugin repository, is respected for her thoughtful approach to policy and community engagement. McCue, the developer behind the WordPress REST API and a contributor for more than 20 years, has played a key role in extending the platform’s integration capabilities beyond its core ecosystem.
“The FAIR Package Manager project represents the future, breaking away from the traditional centralized top-down approach to a decentralized, community-first solution – one which steps up to match the scale of the problem,” said McCue. “The WordPress community has grown immensely over the past 20 years I've been involved with the project, but it has also fractured over that time. With the FAIR Package Manager project, we're working to stitch the ecosystem back together, providing a platform to power the next decades of WordPress.”
“The FAIR Package Manager project gives the WordPress ecosystem a stronger, more independent foundation for delivering software. By decentralizing distribution, we’re ensuring the long-term sustainability of this open source content management platform,” said Dils. “For anyone building on WordPress – whether as a product, a service or critical infrastructure – the FAIR Package Manager project offers a trustworthy, stable path forward.”
“As a long-time advocate for open source and cooperative development, I’m very excited to be a part of the FAIR Package Manager project. The work we’re doing will improve not only the experience for users, but the sustainability and growth that the FAIR Package Manager project will make available to development companies, hosts, and agencies,” said Epstein. “The project removes technological bottlenecks and takes WordPress to the next level. With the help of some of the greatest minds in our community, we’re not just distributing development load, we’re distributing everything.”
The shared package repository is open and ready to accept contributions. To learn more about the project visit https://github.com/fairpm. Announcements about the governance and funding of this project are forthcoming. Companies and organizations who would like to participate in a funding effort for the FAIR Package Manager project, please contact info@fair.pm.
To learn more about the Linux Foundation, visit www.linuxfoundation.org. To learn more about the FAIR Package Manager project, visit www.fair.pm.
Supporting Quotes
“From individual end users to the enterprise and distribution channels, everyone in the WordPress ecosystem shares a common goal – the long-term viability of the platform. The best path forward in achieving this goal is to remove supply chain security vulnerabilities that threaten not only WordPress but decades of open source principles. The FAIR Package Manager project creates a decentralized infrastructure allowing secure, verified plugin and theme distribution from multiple sources, fortifying the supply chain and stabilizing the entire WordPress ecosystem in a simple yet profound way.”
– Karim Marucchi, CEO, Crowd Favorite
"Hosting the FAIR Package Manager project within the Linux Foundation provides neutral, transparent governance. This structure encourages broad participation and gives organizations the confidence needed to build, adopt and invest securely. I'm excited about the opportunities this creates for greater independence and collaboration across communities, and I look forward to seeing the community's contributions and the momentum this initiative will surely build."
– Joost de Valk, Partner, Emilia Capital
“Fastly is proud to champion the FAIR Package Manager project’s efforts to build an ever more vibrant and decentralized WordPress ecosystem. By powering the package manager, we're supporting the open source principles that drive creativity, collaboration and the sustained growth of the open internet's most impactful builders.”
– Tracy Hinds, Fast Forward Lead, Fastly
"As a dedicated open source advocate and long-standing user of WordPress, I love to see the community's progressive shift toward establishing an independent foundation for the distribution of plugins in a federated and trustworthy manner. By leveling the playing field via an interoperable ecosystem among plugin developers and enterprises, the future of WordPress as one of the world’s most critical open source projects will be bright and more accessible.”
– Chris Aniszczyk, CTO, Cloud Native Computing Foundation (CNCF)
“At the OpenJS Foundation, we know firsthand how critical neutral, community-led infrastructure is to the health and security of the open source web. The FAIR Package Manager Project brings that same spirit to the WordPress ecosystem, helping to strengthen the software supply chain through greater transparency. I’m excited to see how this project will give organizations and developers alike greater confidence in the future of WordPress and beyond.”
– Robin Bender Ginn, Executive Director, OpenJS Foundation
###
WordPress is a trademark of the WordPress Foundation. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
Media Contact
Allison Stokes
The Linux Foundation
astokes@linuxfoundation.org
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.