yeah i don't see it as an attack and was very surprised Github suspended his account, less so that NPM unpublished the package. It is easy to think of these platforms as unbiased repositories, but as soon as something is deemed 'wrong' suddenly you need to think what the criteria is for that decision, who makes the decision and how? Where is the line?
Is an infinite loop is the line? Updating a package to display random text without an infinite loop is crossing the line too? Who decides what _my_ OSS library is allowed to do? Can I update it just to add a banner asking for donations? How is that functionally different to random text other than intent?
Is an infinite loop is the line? Updating a package to display random text without an infinite loop is crossing the line too? Who decides what _my_ OSS library is allowed to do? Can I update it just to add a banner asking for donations? How is that functionally different to random text other than intent?