This is amazing:

1. a developer of a bunch of popular #npm packages publishes new, intentionally broken versions of them as he doesn't want to support for-profit companies with his free work;
2. NPM *reverts* the packages to older versions against the developer's wishes;
3. GitHub *blocks* the developer for acting "irresponsibly".

That story again: developer blocked by #Microsoft #GitHub for making changes to his own code.

This is why #AGPL and @forgefriends are so important!

Both npm projects were published under the MIT license. Publishing them under the #AGPL would make Big Tech not touch them with a ten-foot pole, while allowing other free software projects to still use them.

When publishing a project, consider using AGPL. I use it for basically all my public code.

Just to be absolutely clear, as @Gargron noted in a separate thread, this is absolutely shitty of the developer to pull the rug from under everyone (including plenty of FLOSS projects, I'm sure) using his npm packages. A breach of trust indeed.

But for me it is also worth noting GitHub blocking a developer for changes made by him to his own projects.

@rysiek @gargron
I have not followed this closely, but if the developer objected to the use of their code, why did they not delete it instead of crippling it?

@wim_v12e @rysiek My understanding is that after the left-pad incident, you can't delete NPM packages once they have been posted for more than a short time. It is to prevent someone from basically deleting their code and breaking everything.


@dmoonfire @rysiek

"The Left-Pad Incident"

sounds almost like a spy thriller ^_^
