Hacker News
by ivanstojic 1626 days ago
Does anyone else feel awkward about the use of the word "attack" in this context?
6 comments

This isn't like leftpad being deleted: he added an infinite loop on purpose in a patch release to the package. This is a malicious attack. Only later did he delete packages.
No. It's a change he wanted to make to his code. Code is and has always been art. People have been consuming his code, and not keeping an eye on it to make sure it continues to mesh with their own work.
The author never even said he was following semver.
Intentionally adding code that has an infinite loop (the for loop literally uses "Infinity" as the target for the 'for' loop) sounds like an attack to me.
Indeed, it's common nowadays to label things (ideas, people, etc.) in order to frame them in a way that's convenient to the labeler and helps him advance his agenda. I think given the global situation, some people become more sensitive to this kind of tactic (which is often used), while others have shown just how susceptible they are to it.

The author of the software didn't attack anything. He just pushed some code into a place he had legitimate control of.

Some irresponsible (see what I did?) developers downloaded and executed this code without checking, and as a result their stuff broke.

Yes, I do strongly disagree with the wording (attack) here.

If publishing a package you control is considered an attack, then the same could be said about the developer using the package or the admins deploying said package.

It isn't an attack. He didn't do anything out of the range of his rights.
Attack and rights are not exclusive concepts. I would venture to say that your comment is mostly a non sequitur.

It's an indirect attack against the lazy and complacent, at the very least. How dare the developer do that to them?!

People hate it when you make more work for them and companies will actively fight back so the outrage is predictable. What's surprising is the lack of support for both user and developer agency. Some have gone so far as to say that users have some sort of ownership over someone else's licensed code they chose to blindly change (apply an update) by right of "community" because they used it when it did what they wanted.

If it’s his project, as far as I’m concerned he’s within his rights deciding to make it do something different to what it did before, even if that is malicious. There is precedent for this with Chrome addon devs selling their addons to malware companies on the quiet.

That said, it is an attack on his users and it’s a shitty thing to do. He’s likely ended his career as an open source developer, and likely a paid developer as well.