Post Syndicated from original https://lwn.net/Articles/880809/rss

Bleeping Computer reports
on the latest NPM mess: the developer of the “faker” module deleted the
code and its development history from GitHub (with a force push), replaced
it with a malicious alternative, and broke dependencies for numerous
applications.

The reason behind this mischief on the developer’s part appears to
be retaliation—against mega-corporations and commercial consumers
of open-source projects who extensively rely on cost-free and
community-powered software but do not, according to the developer,
give back to the community.

GitHub has evidently called this action a violation of its terms of
service and disabled the owner’s account; NPM has restored a previous
version of the code.