Something's gotta give
We really need to start treating critical software infrastructure like we do for things like transportation and fuel, food supply chains, medical supply chains, etc.
As an emergency preparedness and response professional with an IT background, it is woefully inadequate and quite potentially a major hazard that libraries and small infrastructure projects like this hinge on a developer or developers who are volunteering their time and effort with no continuity planning, funding, time or means to respond to a bug or vulnerability because nobody wants to do it. Not everyone has a Google, IBM-hat, HPE/HPI, or Microsoft in their corner giving them time to do this utterly thankless, time consuming, but absolutely critical work to make sure that things will work further up the stack.
It's not flashy, on a resume most employers will give it a glance and even if they know what it is this person does and just how important it is, it rates a little above "that's nice" unless they're "concerned it may impact your productivity". It's a damned shame and I wonder how much chaos, insanity and murder is going to have to occur to get people and business to actually give a shit.