1. Set a default label for issues (e.g. “autoclose”)
2. Make your auto closing and locking logic based on that label (eg the label-actions github action)
3. As a maintainer, remember to remove the label when creating an issue!
This seems to me to be the most likely explanation. Someone important and/or rich wants something memory-holed and the archive sites are amongst the last to contain the content, so someone else is creating a facade organization as an attempt to get it taken down in every way possible. And yes it's entirely possible that the archive sites have multiple "enemies".
What was even worse than there being dupe ChatGPT apps in the Mac app store was that Perplexity and Gemini both recommended installing chatgpt dot macupdate dot com as if it was the official app.
The affected repo has now been taken down, so I am writing this partly from memory, but I believe the scenario is:
1. An attacker had write access to the tj-actions/changed-files repo
2. The attacker chose to spoof a Renovate commit, in fact they spoofed the most recent commit in the same repo, which came from Renovate
3. Important: this spoofing of commits wasn't done to "trick" a maintainer into accepting any PR, instead it was just to obfuscate it a little. It was an orphan commit and not on top of main or any other branch
4. As you'd expect, the commit showed up as Unverified, although if we're being realistic, most people don't look at that or enforce signed commits only (the real bot signs its commits)
5. Kind of unrelated, but the "real" Renovate Bot - just like Dependabot presumably - then started proposing PRs to update the action, like it does any other outdated dependency
6. Some people had automerging of such updates enabled, but this is not Renovate's default behavior. Even without automerging, an action like this might be able to achieve its aim only with a PR, if it's run as part of PR builds
7. This incident has reminded that many people mistakenly assume that git tags are immutable, especially if they are in semver format. Although it's rare for such tags to be changed, they are not immutable by design
Renovate's TS tooling seems to work fine otherwise, and for ts-remove-unused as a new tool wanting to get adoption then you should be aiming to work the way your users already work, and not fail + tell them that they are the ones which need to change.
BTW the VSCode extension which someone else linked to discovered everything perfectly, which is another hint that your tool needs to improve, not your users.
Even if tsconfig.json was very important, and the users are all wrong and you're right, the only thing your readme says is: "The CLI will respect the tsconfig.json for loading source files." which is insufficient.
It deleted 100s of files, most of which were Jest test files, and potentially all of which were a mistake. I restored them all with `git restore $(git ls-files -d)`.
I then ran `tsc` on the remaining _modified_ files and `Found 3920 errors in 511 files.`
Obviously at that point I had no choice but to discard all changes and unfortunately I would not recommend this for others to even try.
I'm surprised to find there's not more demand for "back to back" travel wifi routers, e.g. so you can connect once to a hotel wifi and immediately all devices are connected via the router's own wifi. This is useful not just for working around device limits but also for simplicity of setup when you have kids.
> On June 30, 2022, we entered into a License Agreement with Visicom (the "License
Agreement"), pursuant to which we agreed to distribute, at the discretion and
direction of Visicom, a specified number of ManyCam software updates to certain
license holders to whom Visicom has previously granted a "lifetime" license to
ManyCam software. As consideration for distributing the software updates,
Visicom paid us an initial upfront nonrefundable payment of $65,000. The License
Agreement provides that Visicom may purchase additional licenses at prices
specified therein. Other than providing a one-time, limited license to Visicom
for the distribution of ManyCam software updates pursuant to the terms of the
License Agreement, we do not have any obligation to provide support or service
to the licensee end users.
Visicom really pumped the ManyCam lifetime upsells. I found 15 emails over an 18 month period in 2020-2021 with them pitching lifetime (which I eventually bought). An example email text they used is:
> Upgrade now to ManyCam Studio Lifetime for only $39 and get access to all the future versions and updates, forever!
What they presented to the user was unequivocal. In a just world, the company who sold ManyCam (Visicom Media) should not be able to get away with this.
Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.
Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE...
Wrapping a non-open source project in another project which claims to be MIT licensed does not change the underlying license. I'm not a lawyer but question the validity of them doing this without larger disclaimers.
However, I think that it's likely not something to "watch out for" either. Likely both licensing approaches were intended as a way to forbid or discourage competing services and each project welcomes people self-hosting.
In short I don't think that the license of Renovate or Dependabot is likely material for anyone planning to run it for themselves.