Comment by katdork

2 days ago

that's why I complained about it in the PR, mmm, I thought it was grossly unprofessional of him (besides the things he said in the discussion.

e.g. Tech changes all the time, that isn't an excuse to be a dick. e.g. ok dude, don't expect any future free work from me in the future on any of your projects going forward. Rude AF.)

also, I just realised, that PR is an excuse to get the library he made (https://github.com/quantizor/markdown-to-jsx) used within TailwindCSS :p

Stray thought: adding a library the PR submitter controls would be a good starting point for an XZ/SSH-style supply chain attack: badger & threaten the maintainers to add the dependency, and then sneak something into a future library update.

  • This seems like a huge red flag, there is no need to add any more dependencies to an already fully featured repo