This is amazing:
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
tl;dr:
1. a developer of a bunch of popular #npm packages publishes new, intentionally broken versions of them as he doesn't want to support for-profit companies with his free work;
2. NPM *reverts* the packages to older versions against developer's wishes;
3. GitHub *blocks* the developer for acting "irresponsibly".
That story again: developer blocked by #Microsoft #GitHub for making changes to his own code.
This is why #AGPL and @forgefriends are so important!
@Gargron
I can't believe I'm agreeing with gargle-on.
I release my shit under the GNU GPLv3-only.
NPM was absolutely right to roll back the packages. Github was absolutely right to b& the developer and lock out changes, at least temporarily.
Why?
What's the operative difference, between what dude did here, and putting in a crypto miner, or backdoor, ssh key stealer, or password stealer, or crypto wallet stealer, or generic remote access tool?
The correct move was to hold back updates, and *maybe* release them under a new license.
@rysiek
