Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if “runk” was real, which I assume not.

But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.

  • @dohpaz42
    link
    English
    214 months ago

    Yeah that debacle still pisses me off. Especially the fact that someone could possibly trademark and enforce a trademark a name that’s already in use. It’s made even worse that the package that now uses the stolen name is defunct.

    I hope all of the bad actors burn in Hell.

    • JackbyDev
      link
      fedilink
      English
      44 months ago

      What pisses me off is that NPM thought it would be okay to remove something from their repository.

      • @dohpaz42
        link
        English
        24 months ago

        What did NPM remove? My understanding is that NPM restored the deleted package. If you’re referring to giving the author the ability to delete their packages, I’m on the fence about that. On the one hand, if it’s open source, it’s a part of the community. On the other hand, it’s also still the author’s code, and if they are the only author, then it’s their sole decision if they want to host their code under their account.

        • JackbyDev
          link
          fedilink
          English
          14 months ago

          But at the same time if the code is properly licensed under an open source license (I would assume/hope NPM didn’t allow non FOSS code) then NPM can refuse to take it down. Yes, they put it back up, but I think it’s important for public repositories (as in packaged code repositories, not got repositories) to never remove things (barring legal requirements, sure).

          For what it’s worth, the policy they adopted after the fact seemed pretty sensible. I think it was something like you can’t take things down once they have ~100 downloads or x number of dependents.