My open source project got stolen by a HN user
131 points by AndreVitorio 11 months ago | 65 comments
Hey everyone, I've got a bit of a situation and could use some insight.

So, I created this open-source project called Outstatic (https://outstatic.com), it's been my pet project for a while. But here's the twist: I just found out someone on HN (https://news.ycombinator.com/user?id=hoofhearted) took my entire project, renamed it, and has been showing it off all over the internet as their own thing.

I'm not usually one to call people out, but this is just too much. The only reason I found out was because this person was asking for help with my project on our Discord server, and I got curious.

Turns out, they've been pretending to develop this 'new' project since April and have even been warned by the mods here for spamming about it. When I casually mentioned that I stumbled upon their project and that it looked cool, they went on and on about their 'original vision' and even had the nerve to ask me to join them as a co-founder!

I understand that open source means people can use and modify the work, but claiming total credit and denying any connection to the original project? That's a bit much. I did bring up the issue of giving credit and licensing, and the response was a vague promise of 'eventually' doing it.

Just wanted to get this off my chest and see what you all think. It's a weird spot to be in, for sure.

He's fooled a bunch of people into joining and contributing to “his project”. So I feel like I should at least warn them that they are making contributions to a “stolen” project.

Here's a list of posts where this person claims they built everything and intentionally mentions all the tech stack but leaves “Outstatic” out of it: https://dub.sh/code-theft




For more context, the author of the fork seemed to have stepped in to "answer" some of the concerns in the Reddit thread by OP, and some of it is just plain hilarious.

https://www.reddit.com/r/nextjs/comments/17wujjc/my_open_sou...

Claiming that the project is "a copy of a copy" because the author forgot to switch the license from the template MIT which had "Vercel" in it - https://www.reddit.com/r/nextjs/comments/17wujjc/comment/k9j...

Claiming code (!) contributions to the project, while there is only a single commit by him (fixing typos) and he has an unresolved conversation in a single GH issue - https://www.reddit.com/r/nextjs/comments/17wujjc/comment/k9j... (the commit is https://github.com/avitorio/outstatic/commit/442a3189697540e..., issue https://github.com/avitorio/outstatic/issues/73)


That wasn’t the claim at all actually


I had also been working to resolve a number of major issues within Outstatic such as licensing and GDPR concerns with the author himself privately; as to not disclose major issues on a public forum like that from out of respect.

I appreciate and understand your feelings.

What changes or updates can I make based on your feedback?



I apologize for my end of the drama. I never meant any harm or anything nefarious, and I 100% never intended to come off as stealing.


Hey Brandon,

I don't want to keep coming back to this.

I know you never intended to come off as stealing, thieves don't want their theft to be discovered. Unfortunately, seeing how you continued to lie after being exposed, this apology feels like too little too late. If a sincere apology, admitting your wrongdoing and attempt to hide any connection to Outstatic, had been written in the beginning of this whole ordeal, I'm sure this wouldn't have taken the proportions it took.

I'm not saying what you've done is unforgivable, you made a mistake, but it's important to come clean.

I hope one day you see that what you've done is wrong and that this whole situation was brought up because you tried taking credit for something you didn't create.

Don't think I've enjoyed any of this. To the contrary, I wish I never had to write about this, but I couldn't let you take credit for the work of Outstatic's contributors.

I hope that in the future you only take credit for things you create, and if you use someone's work, do give credit where it's due. This will avoid a lot of stress for you and those whose work you are benefiting from.


What’s your goal here mate? To teach me some life lesson or something?

You are coming off as a bit controlling and narcissistic. It’s a bit creepy that you befriended me on discord just to capture screenshots to use against me on your blog, started following and cyber stalking the contributors to my project. A bit more creepy that you went behind me online and made posts “warning” the public about me.

I didn’t do anything wrong. I forked the Outstatic project, which had the Vercel copyright MIT license at the time of forking, and I went with that. There was no author or entity mention in the license, so what was I supposed to do exactly?

I didn’t steal anything, and you are kind of just making up your own rules regarding open source software and giving credit because I didn’t fit in your little perfect world of open source software.

I was not aware that I had to also run any of my videos or social media posts by you first for permission before posting.

You never actually confronted me about any sort of concerns or violations, nor have you given me any chance to make updates or modifications to suit your complaints.

You have instead been on a social media campaign spreading drama and knocking me down to push your own product up.

What kind of credit are you looking for exactly?

https://www.quora.com/If-someone-doesnt-put-my-MIT-license-i...

https://pitt.libguides.com/openlicensing/MIT#:~:text=Like%20....


I checked the source code in both projects and it seems that a fair amount of rework has happened already. They don’t really look alike beyond bits of structure and the basic layout.

This is exactly the intent of a MIT license. The only unfair aspect is that they seem to have removed the original license notice, which is a requirement.

Their project is MIT licensed too, so if you like what they’re doing you can play your Uno reverse card!


The /source directory in his repo is 90% our code. But look, I'm not mad he is using our project, it's open source after all. I'm happy it is and people can do whatever with the code.

What I'm exposing here is an attempt at making people believe he is the author of said code. Not someone who took 90% of a project and is building something with it, but that he wrote the entirety of the code.


This is a comparison of the src folders using Meld: https://postimg.cc/sM2HDP7G

In the scrollbars on the right, blue is modified, green is new, black is equal. Only a handful of hooks, helpers and simple components are still the same. 90% sounds quite far from reality.

Not that I think the lack of credit given to the original project isn’t scummy, but… it’s just someone being an asshole, not much you can do about that.


Have you verified that those changes are not something trivial like formatting?


Also take into account at what point the code was merged. We have made changes to our code base, and he probably did as well. I'm not mad he is using the code, my problem is with removing credits and claiming the work as his own.

Basically doing stuff like this: https://www.reddit.com/r/developersIndia/comments/14m3evc/i_...

The video is him basically showing our CMS with the logos swapped.


Yes, I have verified that the changes aren’t trivial.

Our project includes near 100% test coverage, and enterprise features that any serious development shop will require.

ISO27000/27001 compliance is a big start in non trivial changes.


Relevant portion below, taken from this page (https://dev.to/sadeedpv/someone-copied-my-code-on-github-and...):

'With the MIT license, you should really also put your copyright and license notices at the top of each source file in a comment in addition to the license file in the repo. This way if someone uses one or more files but not entire repo, your copyright notice and license declaration stays with your code, unless they deliberately remove it. With only a license file you risk someone who only needs one of your source files separating those notices from your code accidentally with no ill-intention toward you or your work.'


No way, especially with bigger licenses that are hard-breaked, it's such a wasteful tax on readers' attention to have the first page of every file be some legal garbage

And the risk of copy&pasting just the code someone needs (it's not always/mostly at a file level) doesn't disappear


That 'legal garbage' is what reduces ambiguity.

As far as a tax on the reader, the reader is free to scan past the copyright section.

Your argument is vacuous.


Sorry disclaimer, I'm too lazy to immediately check everything myself, but will, and will write confirmed or not-confirmed.

So, I read comments and few surface details. What I note:

1. The original project is MIT licensed. MIT only forces you, IF you use it, to make a special page with mentions of all MIT licensed code used in the project and nothing more.

2. ANY software project could be divided into separate independent parts, which will then be rewritten based on clean room methodology, and after this you could just remove ANY mentions of the MIT licensed code which was used earlier. As I understand, the person who copied your project rewrote all your code himself and NOW he does not have any of your code in the project.

Unfortunately, now you can only do something that much exceeds the properties of your twin, so he will have to race with you or you'll win.


It is definitely unfair to say the least. I do see that their About text in Github has outstatic but that is it. If the code was directly copy-pasted (regardless of MIT license), he should at least mention your project as a courtesy. This is why we can't have nice things. I don't know how to help you more but I do feel your pain and I wish there weren't people like this in the world. But they do exist.


Yes, he just added that. After a long discussion he said he was "about to do it" and it was just a big coincidence that I brought it up. After 6 months of going around claiming he wrote all the code.


Well, your license gave them permission to pretty much do anything. As nefarious as it may be, it is not illegal.

https://github.com/avitorio/outstatic/blob/canary/license.md


It's not really about the law either, it's just a total dick move. They could've approached the OP about being co maintainers, or simply say that it's a forked version with improvements, or whatever. No need to steal credit and impersonate the OP.


In high-school, I got suspended a number of times for playing around with the school computers and stuff lol.

We didn’t grow up with a lot of money, so I didn’t get to play with fancy systems until school.

The things that I got in trouble for in school are now the same things that I make a living on; protecting apps from younger versions of me lol.

Some colleagues asked me before “but who would be dumb enough to try and log into a sensitive system?”.

My reply would be a naive 16 year old high schooler who doesn’t realize what they are doing, or the skill set that they may harness.


I have screenshots of conversations with OP offering to co maintainers and partners.

OP actually agreed, and then blocked me on Twitter lol..

Nowhere am I impersonating OP. I am my own person, and will never claim to be someone else.

100% authentic Brandon Owens. I’ve been an ADHD disrupter all my life, ever since I was in grade school. Why would I stop now?

https://brandonowens.me/


Yes, MIT License allows for modification, not going around claiming you wrote all the code.


Elegant operates from within the United States of America, and we can say what we want without your approval as per the first amendment of the U.S. constitution correct?

I gave you credit, did everything you asked, kissed your butt, asked you to let me join your project.

You are just scorned over something and have decided to come to the internet and spread lies and slander our name.

It’s reassuring though to see the large majority of comments on this thread say that I didn’t do anything wrong, and tough shit on your part.

Get over it already, and work on fixing your bugs and user friction so that I can use your code directly in my project without having to rewrite it unit tests and solid design principles.


I think you're right that he stole your work without proper attribution. I'd suggest reporting his Reddit thread(s) if you haven't already. Or start a new thread like this HN one.


He took your advice, and posted slander on the next.js thread and caused a ton of people to start messaging me and harassing me and our project contributors.

The next.js mods reviewed his claims and said that he didn’t have any grounds for a claim because he used an open mit license.

They locked the thread and said the matter was over.

OP blew it up and tried to take it further to other subreddits, and this stupid drama even pulled in Lee Robinson from Vercel.

I am making updates to my project based off the community's feedback.

Is there anything else you can recommend?


Thanks for the suggestion. I did create a thread on Reddit:

https://www.reddit.com/r/nextjs/comments/17wujjc/my_open_sou...


Hey Andre, I apologize for any grievances or ill feelings you have towards Elegant or my team.

I’m sorry for any miscommunications or misunderstandings, and I would be more than happy to take this offline and resolve this without continuing to pull in the development community.


Elegant-cli's author's mistake was not including a full-text copy of your MIT license (which has your name) in the repository (his own MIT license does not count as a "proxy"). That is precisely what the MIT license requires, and hence a direct non-compliance by Elegant-cli.

However, the MIT license does not dictate how Outstatic should be mentioned in Elegant-cli's marketing materials (like their website or README file).

Though poor etiquette, it is permissible for Elegant-cli to not mention you or Outstatic anywhere else, so long as full-text license copy with your name is included in the repository.

If you needed that kind of attribution, you should have picked something like the BSD-4-Clause (https://spdx.org/licenses/BSD-4-Clause) or MIT-advertising (https://spdx.org/licenses/MIT-advertising.html) licenses, instead of the MIT license.


The first thing that came to my mind after reading your post was the philmarilion from 4chan. Collecting these posts and submitting them with all these commentaries is.. a bit creepy. I find collecting stuff to be a good idea, but publishing them in this manner is another thing, seems to be a very knee-jerk reaction.

When I compare the two projects, I do see that you are right, he obviously just copy-pasted, I do understand your outrage. Why are you trying to shame him here, where your post will be compost in a matter of hours, instead of opening an issue or two (phrased more diplomatically) in his github project, and post the link here?


>Why are you trying to shame him here, where your post will be compost in a matter of hours, instead of opening an issue or two (phrased more diplomatically) in his github project, and post the link here?

the social effects on HN are stronger than Github issues; surely you must realize that.


Thanks for the suggestion. I haven't experienced this before so I'm not even sure how to react. I'm just astonished that people like this exist, taking work that you know isn't yours and pitching investors and other devs as your own?

I'm sorry, I think this guy needs to be put on blast. I tried doing this in a more diplomatic way through our Discord dms, but at no moment was any expression of regret or wrongdoing brought up.


You're coming off as childish. Anyone can take your code and use it in whatever way they want. If you wanted to use a license where you keep ownership choose a different license.

If an investor will give them money good for them. If devs give them praise good for them.

You gave the code away in the hopes someone would use it. Someone is.. you were the author to the first guy who took it. He is the author to the next group who forks.

It's like you came up with a joke and shared it. That person loved it and retold it as his own.


Hard disagree. Plagiarizing an entire source repo and claiming it as your own with zero attribution to the other original author makes you a bona fide raging pile of human garbage. Every other field seems to have a basic system of ethics in place when it comes to this kind of thing, I don't know what it is about the software industry that makes devs so shameless.


In your example, he is claiming he came up with the joke. That's different isn't it?


I didn't see him claiming he developed your project. He uses it and developed a solution on top of it. What do you want from people using your code to compose other projects, pay you royalties? Make an altar for you?



Get over yourself already


Why do you think thieves should be treated with respect, and respond well to diplomacy?


I wonder what you want to get out of this, and what damage his clone is causing you and your project?

I've had my website cloned before and I totally get the feeling and absurdity of the situation, but realistically there is not a lot you can do without it (negatively) impacting you as well.

I think it's good to message this person, as they probably should include your license, maybe indeed make people aware, but at some point it might be better to let it rest and focus your energy towards your project.

Especially if it's not really a threat to your project (and it doesn't look like it is as your project seems like it's doing quite well, congrats!) you could wonder if the best course of action is to just not give it any attention at all.


Definitely, I agree with you. I tried reasoning with the person and at no point he expressed any sentiment of doing something wrong, to the contrary, he said he doubled down on the fact that he was being generous by offering me a chance to become the "cofounder" of his project. But I didn't decide to come public just because of that, that's only one example among many of ill intent and just not caring.


If you're really bothered by it, find a lawyer that will push the license issue further. You can get your product's name/license in there where credit is due.

Other than that, all you can do is build a better project (product?). It's the nature of the beast in open source... people steal constantly. You built something and were successful enough to have it stolen (at least once).


My previous submission months ago asking for guidance on open source licensing to avoid situations exactly like this: https://news.ycombinator.com/item?id=36327372


In the age of LLMs, MIT credit becomes irrelevant because I could just let AI digest the whole repository and let it spit out code that is unrecognizable to yours and everyone can just claim - this code is generated by AI, or they wrote it. AI is not gonna give credit at all.


Although LLMs can be used and are being used as the tornado cash of copyright and such things, it doesn't guarantee an escape from legal repercussions in the future, it’s an ongoing debate with a lot of uncertainty and certainly more tooling will arrive to identify traces to origins


Hey dang, this guy is out here bashing me and spreading false claims; all of which have been proved to be false.

Can you remove this post or something please?


OP claims I stole his project and is trashing me all over the internet and harassing my project contributors.

He claims I stole his idea 1 for 1, and just copied his work without his permission or giving him credit.

He gave me explicit permission to use his work; he has an open mit license; and I have given him credit and offered to sponsor his project.

Dang, he claims I stole his idea from him; but I have been certainly emailing you back and forth about a concept for a simple Wordpress alternative for developers.

I was in the process of building out more content explaining the product, and preparing to launch here on hacker news as you suggested.


I think you have an issue with what open source means. He does mention outstatic in his repo and it seems that your project is one of many he's using. It seems like he's better than you at keep developing/selling the project, you should find a way to benefit from it, for example selling outstatic to his audience.

Edit: just checked the difference in stats of the project and his project is so much smaller. I think you are complaining about nothing - soft and hard forks are the norm.


A risk is that this other person will claim to be the original author and sue or otherwise attack you for copying their work. I am not a lawyer, but in your case I would contact one and make sure that I had enough documentation of my authorship to survive a legal claim.

(My experience is in the United States only; things might be different in other countries).


Won't the github timestamps show which came first?


Something curious is that the oldest tag I can find on Github from Elegant is from March 16 [1], while the oldest tag I can find from Outstatic is from March 26 [2]

[1] https://github.com/elegantframework/elegant-cli/tree/v1.0-al...

[2] https://github.com/avitorio/outstatic/tags?after=v0.0.37



commits can be overwritten, what is actually reliable here is GitHub's "event stream"



Hey HN,

These claims that op has made have been found to be false. His project uses an Open MIT license, and I forked it like a good OSS community member does.

The main deal breaker for me not using his code directly within my project was a serious GDPR and data privacy violation that I found on the surface of OP’s code.

https://github.com/avitorio/outstatic/blob/d440f8f53ee559fb3...

There are no disclaimers or privacy policies within OP’s website, project, or readers that say he is collecting analytics data, including sensitive GitHub project details.

Some of my users and customers require ISO2700 and SOC2 compliant solutions, and this was a huge red flag to us.

I contacted OP about it, and other security issues, but he blew me off and turned to trashing me online like this.

What do you think?


At least now you learned not to use MIT license.


What damage is this person causing you exactly?


He told people to use this code however you want... Until you become more successful with it than he was. Then it becomes his code again.


Use the code however you want. Until you start recording videos telling the world you wrote the code from scratch, removing any references to the original project, telling people to join your project and asking investors to put money in your "genius" idea...


The only "damage" is loss of income should the duper find a way to scale his project up to the point it starts generating revenue.


Tell HN:


It seems to me that they forked your (MIT-licensed) project and are now more successful than you at marketing it and getting contributors. Yes not giving credit to you is a dick move, but it isn't a requirement of the license. Words like "stolen" are out of place and just make you sound bitter to be honest. This is just how open source works.


> Yes not giving credit to you is a dick move, but it isn't a requirement of the license.

Actually, it IS a requirement of the MIT license: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

From what I understand, the person OP is referring to did not include the copyright notice, and provided zero attribution until pressed.

> This is just how open source works.

No, open source works because people believe that even if their work is being used for free, their contribution is recognized. People like who the OP is referring to chill that sentiment and do immense harm to the "open source" ethos.


And if your open source work is being used by someone to generate revenue for themselves; then they should be a good open source community member and give back to the root project with contributions, community engagement, promo, collaborations, and even paying them sponsorships and donations.

I don’t think you have a full understanding of the situation.

I am open to discussing it further with the community and resolving this unneeded gripe.



