Marak corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Marak and I have had similar career trajectories. I’ve had some minimal correspondence with him over the years. I’ve also thought about doing the same as this several times, however in no situation could I imagine winning from it.


I’ve been thinking for a while that as wealth inequality increases yet so does usage of open-source and consequently the demands on maintainers, we’ll see more and more events of Walter Whites becoming Heisenbergs.

I do wonder when maintainers will ramp up the auctioning of access to their projects to blackhat and state actors, requiring funded cohorts to step in with better incentives.

Perhaps it’ll be the type of negative leverage, such as the case of massacres, that brings about positive regulation. That said, in the case of massacres, taking away weapons from the aggrieved isn’t the best example of resolving their actual grievances; it kind of just muzzles them, despite allowing civilisation to march forward with a few people routinely falling overboard.

I’m not sure this was the best way of doing that.

I think he should have just contacted NPM and gotten his package taken down, and then made his repo private or something.

I hope he doesn’t get sued into oblivion for doing this.

However, I do understand his point of view.

I changed Lux’s license from a permissive one to the current reciprocal/non-commercial one while working on the current v0.6 of the language, taking advantage of many backwards incompatible changes I was making to the language and knowing that would force anybody who used it to have to accept the new license, instead of just forking the old version and maintaining it themselves.

When you have a library that is already mature and won’t be changing much in the future, this isn’t a viable method, and I wonder what else could be done that doesn’t involve putting a target on your back.

Drug cartel offers to pay me 6-figure salary for using my FOSS project.


In all seriousness. I don’t think it’s likely that FOSS devs will turn evil out of spite to big corporations.
There’s too much altruism in the FOSS world for people to take such a drastic turn.
But I wouldn’t be surprised if more tantrums like this happen in the future.

Who knows? It may be good in the long term.
It’s easier to ignore weirdos bitching and moaning on the internet about fair compensation than it is to ignore your app breaking.

Yes, I have a lot of value. Very popular and useful. How much will you pay?

May also depend on how big one Heisenberg can get.


Good old Carlos The Jackal.