Your hyperbolic use of "malware" for what is clearly a prank is precisely why this is abusable. I buy that you feel strongly and think this developer should be punished for, essentially, making their views visible in their work. Now imagine the people who would want to punish you for your views. Think they won't find anything?

This is as much a “prank” as “benign” adware that pops up an ad on your desktop every hour.

Maybe adware that pops a message that doesn't generate any revenue once after 15 seconds would be more accurate. But I suppose that depends on if a single non-commercial message counts as an ad.

Adware tend to be localized to your own computer instead of working its way into websites you build and pushing itself to all your users.

Perhaps you should reflect why you are pushing adware to YOUR users then. Maybe you should vet YOUR work more carefully instead of pulling in hundreds of dependencies that YOU haven't bothered to vet.

Yes, more visibility into which packages are published/controlled by malware authors helps with vetting (immediate pass instead of reading thousands of lines of code). Yet some people are terrified by that prospect. Really makes you wonder.

"i dont even want to bother reading the code i ship to my users"

Perhaps this is the year when we will collectively realize that cancellation is, in fact, an appropriate response to someone behaving in an anti-social manner.

Is this satire?

I can’t speak for GP, but ostracizing and shunning are pretty much the assumed enforcement mechanism—when they’re articulated—among people with libertarian principles when those principles are applied consistently. “Cancelling” is far more humane than incarceration or other forms of punishment, because you can emigrate elsewhere. It’s also far less likely to create implicit hierarchies if it’s commonplace.

So someone misplaces their idealism and your solution is canceling them until they must emigrate? Who are you people?

I mean I’m not asking for anything to be done here at all, but I hope you’d agree that “someone misplaced their idealism” would be better served by a trip to another package registry than a trip to prison… right? Who are me people? I’m not that organized. I’m just observing that “cancelling” has a philosophical underpinning in even more theoretically libertarian thought than which I personally endorse. I think it’s worth the observation because the people who most object share similar philosophies.

I do have a strong sense of freedom of association which makes me sympathetic to that idea. I also understand it’s not the end of the conversation.

But I find the hypocrisy of ideological freedom contrasted with freedom to associate really galling.