
I don't understand why. It's his code to break if he wants. But I guess when you use a social media service to host your code these are expected and normal results.



> It's his code to break if he wants

> I don't understand why

If he can break his code because he is the owner, then shouldn't the same reasoning apply to GitHub suspending the account? It is their website and their rules. Keep in mind GitHub owns npm, and the author has published a malicious package to npm which has 20 million downloads, so I'm not surprised.


For some reason, people are adopting the ideologically inconsistent position of full property rights for the dev, but no property rights for GitHub.


IMO they are kind of different things. The dispute about the code itself seems to be more of a licensing thing, whereas GitHub itself seems to be a property thing.


He may have committed a crime. Interfering with computers you don't own with malicious intent is a crime; legally, Microsoft may have had no choice but to take it down.


> It's his code to break if he wants.

This is a library, not standalone software. Breaking it means breaking the code of every software which uses that library.


And per the MIT license, he offers it “WITHOUT WARRANTY OF ANY KIND (…) INCLUDING BUT NOT LIMITED TO (…) FITNESS FOR A PARTICULAR PURPOSE”


That doesn't give him the right to commit sabotage. If, as the developer of a FOSS program, I deliberately introduce something that will harm users, a "no warranty" clause won't protect me from the consequences. The guy knew full well how npm worked, and knew full well that he was deliberately breaking lots of sites. "No warranty" just means he isn't liable for accidents.


No warranty means he isn't liable for any behavior of the software at all. You don't have to like it but it is true.


Of all the awful legal takes I've seen on this site, yours is an early contender for best of 2022.

> No warranty means he isn't liable for any behavior of the software at all.

Somebody should tell all those computer virus authors, all they had to do was not include a warranty, and they're untouchable!


You can pretend there's no difference between this and a computer virus, but there clearly is.

The users of this software pull it, explicitly, voluntarily. The author says it doesn't serve any particular purpose, and in using it you understand that. The software itself did nothing malicious, it just stopped working. It's not the same thing as slapping a license on a computer virus and forcibly foisting it onto an unwitting victim. It's not naive legalese loophole workaround thinking. When you choose to use the software you agree to abide by the license, which includes no promise of utility whatsoever.


Those seem like different things since a computer virus "user" never consents to or accepts the license, whereas someone importing the library into their package.json has.


Eh, just write in the EULA exactly what your virus will do and that they have no warranty, bundle it as an add-on a la toolbar bundling in the 00s, and bam, you've got the user's consent to do anything!


He is responsible for his own behavior, and harming with intent is not a liability that can be waived in the US. This is literally first week of Contracts course material in law school.


But there was no harm or no intent to harm, the software just stopped working. Just because you rely on someone's work doesn't mean you can expect it to continue forever.


No, it does not mean you can legally change your software to malware.


I think it's disingenuous to label it as "malware".


Nah, it's not. It crashes hoobs and the ring plugin for homebridge. And probably a lot of other software.


Modern JS crashes my older browsers too. It doesn't mean it's the JS author's fault for using code my system can't handle.


The intent is extremely important to the word "malware". The intent WAS malicious.


It was malicious about as much as flash no longer working, or nest thermostats.


> Breaking it means breaking the code of every software which uses that library.

No, those other programs importing it is what breaks them. They do that themselves. Or does he have push access to all their repositories?


Is it his code to inject a backdoor in?

As another commenter said[0], this is malicious code and THAT is against the ToS of npm[1].

[0] https://news.ycombinator.com/item?id=29865977

[1] https://docs.npmjs.com/policies/open-source-terms#:~:text=Co...


Freedom of open source doesn't mean freedom of consequences on their platform.
