Comment by RoadieRoller
1 day ago
> Why do they delete a commit and push a new one every few hours?
May be to make it appear on the top of the "Last Updated" repositories in case someone searches for the repo or a keyword. So instead of the author's actual repo, the users endup cloning the trojan infected one.
Bingo!
They're also gaming the heuristic that if an OSS repo hasn't had any pushes in ~6mos many users consider it defunct.
‘Actively maintained’