This is amazing:
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

tl;dr:
1. a developer of a bunch of popular #npm packages publishes new, intentionally broken versions of them as he doesn't want to support for-profit companies with his free work;
2. NPM *reverts* the packages to older versions against developer's wishes;
3. GitHub *blocks* the developer for acting "irresponsibly".

That story again: developer blocked by #Microsoft #GitHub for making changes to his own code.

This is why #AGPL and @forgefriends are so important!

Both npm projects were published under the MIT license. Publishing them under the #AGPL would make Big Tech not touch it with a ten foot pole, while allowing other free software projects to still use them.

When publishing a project, consider using AGPL. I use it for basically all my public code.

Just to be absolutely clear, as @Gargron noted in a separate thread, this is absolutely shitty of the developer to pull the rug from under everyone (including plenty of FLOSS projects, I'm sure) using his npm packages. A breach of trust indeed.

But for me it is also worth noting GitHub blocking a developer for changes made by him to his own projects.

@rysiek @gargron
I have not followed this closely, but if the developer objected to the use of their code, why did they not delete it instead of crippling it?

@wim_v12e @rysiek My understanding is that after the left-pad incident, you can't delete NPM packages once they are posted for more than a short time. It is to prevent someone from basically deleting their coding and breaking everything.

@dmoonfire @rysiek

"The Left-Pad Incident"

sounds almost like a spy thriller ^_^