I wonder if he's really blocked. He claimed he was blocked before, but then published additional breaking changes.
His npm account is a different matter, but the npm terms of use have always said that you cannot use npm to distribute vulnerabilities.
The first iteration was called Majel. I may keep the name for the next version. I'm not sure yet.
The fact that people have been able to fork it (like here) and take ownership of it was despite Marak's actions. (I'm assuming that someone had their own forked version ahead of time, and they were able to upload that with the commit history intact. The fact that this was possible despite a bad actor like Marak speaks to the strengths of open source, but that by no means absolves Marak of the fact that he tried to remove the ability to access his source code. What happens if next time, this happens to a project that doesn't have frequently updated pre-existing forks that someone can readily re-upload? Most likely someone using a project as a dependency has a copy of it somewhere [if they don't accidentally update to the malicious version] and at least that can be uploaded, but even there, the entire commit history is lost.)
Look at the description: https://github.com/microsoft/CBL-Mariner