by DishyDev on 8/9/23, 1:37 PM with 4 comments
by tailspin2019 on 8/9/23, 2:51 PM
I’ll also be reevaluating all my Nuget dependencies and their potential security risks (so indirectly, one good thing I guess).
Reading all the comments on GitHub though, I’ve got to feel for the dev a bit - he has half the .NET community all piling on after years of his hard work likely being under appreciated (as is often the case with OSS developers).
He’s made a big misstep with this, and broken a lot of trust, but it genuinely doesn’t look like malice - rather just (really) terrible judgement.
Not excusing his mistake, but wow, I wouldn’t want to be on the receiving end of all that anger.
Personally I feel there is a limit to how angry I’m entitled to be after years of benefitting from this guys work without paying him a penny.
It’s really just a sad situation all round.
Edit: more info on the dev’s reasoning behind this change in his original blog post from January:
by minajevs on 8/9/23, 2:01 PM
.NET Analyzers spawning processes, especially in an elevated environment. Pausing builds for 100ms for non-paying users. Silently leaking millions of user emails.
That all seems much dirtier than core-js drama.