This is amazing:

1. a developer of a bunch of popular #npm packages publishes new, intentionally broken versions of them as he doesn't want to support for-profit companies with his free work;
2. NPM *reverts* the packages to older versions against developer's wishes;
3. GitHub *blocks* the developer for acting "irresponsibly".

That story again: developer blocked by #Microsoft #GitHub for making changes to his own code.

This is why #AGPL and @forgefriends are so important!


I can't believe I'm agreeing with gargle-on.

I release my shit under the GNU GPLv3-only.

NPM was absolutely right to roll back the packages. Github was absolutely right to b& the developer and lock out changes, at least temporarily.


What's the operative difference, between what dude did here, and putting in a crypto miner, or backdoor, ssh key stealer, or password stealer, or crypto wallet stealer, or generic remote access tool?

The correct move was to hold back updates, and *maybe* release them under a new license.

Sign in to participate in the conversation

"pissed everyone off in literally record time" - Recommended by 10 out of 10 people who, for some sad reason, have a dedicated column up to watch #fediblock.