They can and they did, but it still feels malicious because they intentionally reverted the maintainer's latest version, which is the author's will on their creation.
It's a bit like me going to my bank to close the account and instead they throw me out and keep my money.
Honestly I don't understand why microsoft did anything at all. Can't people just pin a version?
doesn't npm have policies for packages to follow semvar? I could see why they would have policies to rollback broken minor versions that are distributed via npm.
It's a bit like me going to my bank to close the account and instead they throw me out and keep my money.
Honestly I don't understand why microsoft did anything at all. Can't people just pin a version?