Skip to content

Nick2bad4u/github-drama

BranchesTags

Repository files navigation

GitHub Mark logo for GitHub Drama project

Github Drama 🌩️

Curated Collection of Notorious GitHub Drama & Controversies
📰 Subscribe for Updates · 🤝 Contribute

Badge: PRs Welcome (green, flat-square style) Badge: Contributions Accepted (dark green, flat-square style) Badge: Contributors (dynamic count, flat-square style) Badge: GitHub Stars (dynamic count, flat-square style) Badge: GitHub Issues (dynamic count, flat-square style) Badge: Last Commit (dynamic date, flat-square style) Badge: Repository Views (dynamic count, flat style) Badge: License (UnLicense, flat-square style) Badge: Code Style (Prettier, pink, flat-square style) Badge: Made with (Markdown, blue, flat-square style) Badge: Forks (dynamic count, flat-square style) Badge: GitHub Pages Status (dynamic, flat-square style)

📑 Table of Contents

🧐 About

github-drama is a curated, community-driven archive of the most dramatic, controversial, and memorable moments in GitHub and open source history. This project aims to document and preserve links to heated discussions, infamous issues, and contentious pull requests for posterity, learning and archival purposes.

⚠️ Purpose: This repository is for educational and historical reference only. It is not intended to harass or target any individual or group.

For contributing guidelines, see CONTRIBUTING.md.

🌳 Phylogenetic Tree

🎭 Drama Archive

This is a curated collection of "dramatic" GitHub interactions.

Legcord/Legcord

  • Legcord/Legcord/issues/745
    • The project received a cease and desist from ARM LLC, requiring the removal of "Arm" from "ArmCord." The team announced rebranding efforts to "Legcord" and detailed ongoing and completed tasks for renaming packages and updating distribution channels. The official notice is available here. Issue is closed as completed.

ventoy/Ventoy + ventoy/PXE

  • ventoy/Ventoy/issues/2795

    • Issue raised concerns about the presence of prebuilt binary blobs ("BLOBs") in the source tree, especially after the XZ-Utils incident. The reporter urged a shift to reproducible builds and build-from-source practices. The issue was closed as a duplicate, with extensive discussion (170 comments).

  • ventoy/PXE/issues/106

    • Security concerns were raised regarding iVentoy, specifically that it installs unsafe Windows kernel drivers and a self-signed root certificate, potentially exposing users to attacks. The report includes detailed technical analysis and links to VirusTotal results for the identified files. Issue is closed as completed.

actix/actix-web

albertodemichelis/squirrel

  • albertodemichelis/squirrel/pull/67
    • A pull request to remove a redundant assert(0) statement to fix a GCC6 warning led to a lengthy debate about compiler behavior, code correctness, and whether the assert should remain for safety.

Alex313031/thorium

ambv/black

  • ambv/black/issues/118
    • A heated debate erupts over Black's strict formatting rules, with users arguing about code style enforcement and the project's "opinionated" approach. The thread becomes a battleground for code formatting philosophies.

audacity/audacity

  • audacity/audacity/pull/835 (archive: 1)
    • Audacity maintainers propose adding Analytics to the open-source audio editor, sparking immediate backlash from privacy-conscious users.

angular/angular-cli

ansible/ansible

  • ansible/ansible/issues/10530
    • Users are surprised by the appearance of "cowsay" ASCII art in Ansible output, enabled by default if the cowsay binary is present.

ant-design/ant-design

ariya/phantomjs

aspnet/Home

atom/tree-view

atom-minimap/minimap

AUTOMATIC1111/stable-diffusion-webui

ayojs/ayo

  • ayojs/ayo/issues/36 (archive: 1, 2)
    • Ayo.js forked from Node.js due to accusations of numerous violations of the Code of Conduct of Node.js.

badges/shields

bitwarden/clients

  • bitwarden/clients/issues/11611
    • Bitwarden's desktop version 2024.10.0 introduced a proprietary SDK, making it impossible to build the client without it.

bower/bower

causiq/logary

  • causiq/logary/issues/345
    • Logary introduced a licensing model that required commercial IIS/Kestrel users to pay fees, sparking debate over fairness and F# ecosystem support.

chrisaljoudi/uBlock

CleverRaven/Cataclysm-DDA

cloudflare/wildebeest

  • cloudflare/wildebeest/issues/303 (archive: 1, 2, 3, 4)
    • Cloudflare's embrace-and-extend Fediverse software posts private messages to the local public timeline. Cloudflare maintainers have flagged several comments that go into technical detail about the bug as spam.

crablang/crab

daeuniverse/dae

deepseek-ai/DeepSeek-LLM

dear-github/dear-github

Delgan/loguru

  • Delgan/loguru/issues/563
    • Loguru's use of pickle for exception serialization was flagged as a security risk by a user's company.

django/django

docker/docker

docker/for-mac

  • docker/for-mac/issues/1120
    • Docker users requested the ability to download old releases, citing issues with newer versions and the lack of an official archive.

doktornotor/pfsense-still-closedsource

  • doktornotor/pfsense-still-closedsource
    • A repository was created to document claims that pfSense falsely advertises itself as open-source, arguing that key components are not publicly available.

dominictarr/event-stream

dotnet/cli

dotnet/csharplang

dotnet/maui

dotnet/roslyn

dotnet/runtime

  • dotnet/runtime/issues/27939
    • Tuple member naming conventions in .NET were debated, with discussions on whether PascalCase or camelCase should be used.
  • dotnet/runtime/issues/92849
    • Math.Round failed to round 0.50 values correctly, leading to an argument over whether it should round to the nearest even number or always round up.

dotnet/sdk

dotnet-foundation/Home + reactiveui/splat

EpicGames/Signup

facebook/react

  • facebook/react/issues/10191
    • A user request for Facebook to re-license React from the BSD+Patents license to a more permissive license like Apache 2.0, following RocksDB's example.

facebookresearch/llama

fasterthanlime/42da9378768aebef662dd26dddf04849

Feodor2/Mypal

github/dmca

golang/go

google/googletest

GoogleCloudPlatform/click-to-deploy

greatsuspender/thegreatsuspender

Homebrew/homebrew-core

lllyasviel/stable-diffusion-webui-forge

indutny/node-ip

iperov/DeepFaceLive

  • iperov/DeepFaceLive/issues/41
    • A user argued that DeepFaceLive should cease development, claiming the technology is primarily used for scams and deception.

irungentoo/toxcore

jashkenas/underscore

jdm-contrib/justdelete.me

Jguer/yay

joyent/libuv

jquery/download.jqueryui.com

JuliaLang/IJulia.jl

katharostech/bevy_retrograde

keepassxreboot/keepassxc

kenwheeler/slick

  • kenwheeler/slick/issues/681
    • A user reported that swiping left or right on linked images in the Slick slider would activate the link, which was considered undesirable behavior. The user compared it to RoyalSlider, which required a tap to activate the link.

kmmbvnr/django-jenkins

  • kmmbvnr/django-jenkins/issues/349
    • A user suggested moving the tutorial to ReadTheDocs to make it easier for contributors to edit and fix typos. The user even set up a ReadTheDocs project and offered to help migrate the documentation.

kraih/mojo

  • kraih/mojo/issues/656
    • A user criticized the project's practice of instructing users to run curl get.mojolicio.us | sh, citing security concerns about piping untrusted network data directly to a shell, use of HTTP without TLS, and multiple redirects.

Ksh93/Ksh

Ldapjs/Node-Ldapjs

Lerna/Lerna

  • Lerna/Lerna/pull/1616
    • Lerna maintainers added a clause to the MIT license banning use by companies and organizations that collaborated with US Immigration and Customs Enforcement (ICE), including Microsoft, Amazon, Palantir, and others.
  • Lerna/Lerna/pull/1619
    • Many users and contributors objected, arguing that the new license was no longer MIT, violated open source principles, and created legal and compliance confusion. Automated license checkers and companies relying on Lerna were affected.
  • Lerna/Lerna/issues/1622
    • At least one contributor requested removal of their code from the project, condemning the politicization of open source.
  • Lerna/Lerna/issues/1625
    • Same complaints as issue 1619 above.
  • Lerna/Lerna/issues/1628
    • Users requested that any license change be released as a major version bump to avoid breaking builds.
  • Lerna/Lerna/issues/1630
    • Some called for the removal of the maintainer responsible for the change, citing Code of Conduct violations and unprofessional behavior.
  • Lerna/Lerna/pull/1631
    • There were attempts to remove specific companies (e.g., Microsoft) from the blacklist, with debate about the accuracy and fairness of the list.
  • Lerna/Lerna/issues/1632
    • Same complaints as issue 1619 above.
  • Lerna/Lerna/pull/1633
    • The Lerna team reverted the license change, restoring the original MIT license. The maintainer responsible for the controversial change was removed from the project.

Marak/Colors.js and Marak/Faker.js

  • colors.js/issues/285
  • colors.js/issues/290
  • faker.js/issues/1046
    • In early 2022, the maintainer of colors.js and faker.js, Marak Squires, intentionally corrupted the codebases of both libraries. He introduced infinite loops and nonsensical output, causing widespread breakage for projects and applications that depended on these popular npm packages.

mdn/yari

Microsoft/Terminal

  • Microsoft/Terminal/issues/10362
    • A user reported that Windows Terminal had extremely slow performance when processing virtual terminal sequences, especially with per-character color codes, resulting in a 40x slowdown.

Microsoft/TypeScript

  • Microsoft/TypeScript/pull/3622
    • This pull request introduced intersection types to TypeScript. While the technical discussion was extensive, it also became contentious. Several users expressed confusion and frustration over the conceptual model and terminology, especially those coming from statically typed language backgrounds.

Microsoft/vscode

Microsoft/vsmarketplace

Microsoft/web-build-tools

  • Microsoft/web-build-tools/issues/673
    • This issue concerns a license compliance question about whether Microsoft's Rush project was derived from Lerna, following public claims by a Lerna maintainer.

Mishoo/UglifyJS2

Moment/Moment

  • moment/moment/issues/1407
    • Moment.js deprecated constructing dates from non-ISO strings due to unpredictable behavior across browsers, especially with legacy formats and the JavaScript Date constructor.

Moq/Moq

Moxystudio/Node-Cross-Spawn

  • moxystudio/node-cross-spawn/pull/102
    • A user proposed removing the nice-try dependency, arguing it was unnecessary and contributed to dependency bloat for a package used by thousands of projects.

MrGlockenspiel/Activate-Linux

MrMEEE/Bumblebee-Old-and-Abbandoned

NanoAdblocker/NanoCore

NationalSecurityAgency/Ghidra

Nextcloud/Android

Nextcloud/Server

NixOS/Foundation

NixOS/Nixpkgs

  • NixOS/nixpkgs/issues/4952
    • A frustrated user details their struggles building Emacs and SBCL on NixOS, criticizing the project's documentation, package management, and the complexity of the Nix language.
  • NixOS/nixpkgs/pull/381817
    • A PR to disable telemetry by default in the devenv package is merged without maintainer consent, triggering a heated debate.

Nixxquality/WebMConverter

Nodejs/Inclusivity

Nodejs/Node

  • Nodejs/Node/issues/3721
    • A proposal to replace the use of "suicide" as a verb in the Node.js codebase leads to a sensitive discussion about language, mental health, and the impact of terminology in open source projects.
  • Nodejs/Node/pull/4765
    • Microsoft proposes enabling Node.js to run on the ChakraCore JavaScript engine, sparking a massive, technically complex debate about cross-engine support, project scope, maintenance burden, and the risk of ecosystem fragmentation.

Nodejs/Readable-Stream

  • nodejs/readable-stream/pull/238
    • A PR to inline a trivial isArray function instead of depending on a tiny npm package ignites a surprisingly intense debate about micro-dependencies, licensing, copyright, and the philosophy of code reuse.

Nodejs/TSC

  • nodejs/TSC/issues/8
    • A Node.js TSC member temporarily bans a user for making an inappropriate comment in the inclusivity repo.

Npm/Npm

  • npm/npm/issues/19883
    • A user opens an issue to report that npm's package-lock.json is being automatically updated even when running npm install --no-save, which they argue is unexpected and undesirable behavior.

Obsproject/Obs-Studio

  • obsproject/obs-studio/pull/2868
    • A long-running and heated pull request to add AppImage support to OBS Studio for Linux devolved into a major conflict between the AppImage developers and OBS maintainers.
  • obsproject/obs-studio/pull/10043
    • Single JSON change that adds another streaming service rejected by maintainer with zero commits in the last few days, citing not meeting unspecified requirements.

Oerdnj/Deb.sury.org

  • oerdnj/deb.sury.org/issues/1768 (archive: 1, 2)
    • A user reported that the PHP APT GPG key was unavailable over IPv6, leading to a protracted and increasingly hostile discussion.

Omnivore-App/Omnivore

opal/opal

openbb-finance/OpenBBTerminal

Opencart/Opencart

  • opencart/opencart/pull/219
    • A user submitted a bugfix for a checkout issue affecting customers without predefined addresses. The maintainer dismissed the fix.
  • opencart/opencart/issues/1269
    • A user reported that OpenCart’s password hashing was insecure, providing technical details and recommendations.
  • opencart/opencart/issues/1534
    • A security researcher reported a PHP object injection vulnerability after a failed attempt to contact the maintainer privately.
  • opencart/opencart/pull/1594
    • A contributor pointed out cryptographic flaws in OpenCart’s encryption implementation.
  • opencart/opencart/issues/3834 (archive: 1, 2)
    • A user urged OpenCart users to switch to OpenCart-CE, a community-driven fork, due to the original project’s lack of updates and security patches.

OpenTTD/OpenTTD

Orgs/Community

  • orgs/community/discussions/65343
    • Major user backlash against GitHub’s feed redesign, with hundreds of comments criticizing the removal of chronological order, algorithmic curation, and lack of user control.

Palantir/Tslint

P-H-C/Phc-Winner-Argon2

PiotrGrochowski/Consolas

Pkgxdev/Pantry

  • pkgxdev/pantry/issues/5358
    • User criticized the use of AI-generated, inaccurate, or nonsensical package descriptions on the pkgx.dev site, expressing concern about trust and suggesting using real metadata instead.

PolyMC/PolyMC

  • PolyMC/PolyMC/commit/ccf2825
    • The commit deleted the CODE_OF_CONDUCT.md file with a commit message referencing reclaiming the project from "leftoids."
  • PolyMC/PolyMC/issues/656
    • User accused PolyMC maintainers of abusing GitHub takedown requests to suppress forks, arguing this violates the GPLv3 and calling for adherence to open source principles.

Portainer/Portainer

  • portainer/portainer/issues/8452
    • Summary:
      • Portainer developers add an obnoxious e-begging button and call the built-in begware a new feature, not a bug.
      • Kubernetes users install ad blockers in their development environment to suppress the nagware.
      • The community then creates new ad-free forks and Docker images.

PowerShell/PowerShell

  • PowerShell/PowerShell/pull/1901
    • A user proposed removing the curl and wget aliases from PowerShell due to confusion and incompatibility with the real tools.

Prettier/Prettier

Probonopd

Projecthamster/Hamster

Promises-Aplus/Promises-Spec

ptsteadman/notebook

  • ptsteadman/notebook/pull/1 (archive: 1, 2)
    • A minor typo fix PR led to off-topic comments and direct message drama, with the maintainer stepping in to request that discussions remain relevant and civil.

Pyca/Cryptography

  • pyca/cryptography/issues/5771
    • Users raised concerns about the project's increasing reliance on Rust dependencies, especially regarding platform support and installation difficulties.

Pypa/Pipenv

  • pypa/pipenv/issues/1050
    • Longstanding requests for supporting multiple python_version values in Pipfile remain unresolved.

p0deje/maccy

  • p0deje/Maccy/issues/482 (archive: 1, 2, 3)
    • Some users can't figure out why they can't copy or paste with the clipboard manager and can't find any fix. Several people with the problem complain, and the problem is widespread due to the Ventura update. Finally, after much struggle, the issue is closed.

Qbittorrent/QBittorrent

  • qbittorrent/qBittorrent/issues/9407

  • qbittorrent/qBittorrent/issues/18618

    • Summary:
      • Without first consulting the qBittorrent developers privately, an alt account publicly disclosed a path traversal vulnerability by opening a GitHub issue in February 2023. (Coordinated Vulnerability Disclosure, CVD, Wikipedia)
      • One GitHub user responded, "That doesn't respect my freedom™ to use a better client." Many reacted to the reply with a thumbs-down emoji. (Source)
      • Another GitHub user commented, "What is your problem with using civilized language?" A qBittorrent maintainer marked the comment as abuse. (Source)

Rails/Rails

raivo-otp/ios-application

Redis

  • redis/redis/pull/13157
    • Redis Inc. submitted a pull request to change the Redis database’s license from the open-source BSD 3-Clause to the Redis Source Available License (RSAL) and Server Side Public License (SSPL).

Redis-Rs

  • redis-rs/redis-rs/issues/1419
    • Following Redis’s license change, the maintainer of the popular Rust client redis-rs opened an issue to discuss the project’s future. The issue revealed that Redis Inc. had contacted the maintainer, pressuring them to change the crate’s name and branding due to trademark concerns.

Resque/Resque

Restic

  • restic/issues/1786
    • A user requested that restic, a backup tool, allow repositories to be created with empty passwords.

RIAEvangelist/Node-ipc

  • RIAEvangelist/node-ipc/issues/233 (archive: 1)
    • The maintainer of node-ipc, a widely used npm package, published a version that, under certain conditions, overwrote files on users’ systems with a peace message.

Rms-Open-Letter

  • rms-open-letter
    • In March 2021, an open letter was published calling for the removal of Richard Stallman (RMS) from leadership positions in the Free Software Foundation (FSF) and related organizations, following his return to the FSF board.

rupertbenwiser/web-environment-integrity

Robertdavidgraham/Masscan

  • robertdavidgraham/masscan/issues/482
    • This issue was opened to request the removal of "master/slave" terminology from the Masscan codebase, citing the terms as outdated and offensive.

Rollup/Rollup

rubocop/rubocop

SerenityOS/Serenity

Signalapp/Signal-Android

  • signalapp/Signal-Android/issues/8974
    • Signal developers removed a passphrase and forced users to use a fingerprint. User claims that they received money from secret service for reducing a privacy of their app.

snarfed/bridgy-fed

Spatie/Laravel-Newsletter

Spring-Projects/Spring-Hateoas

Standard/Standard

Stevemao/Left-Pad

  • stevemao/left-pad/issues/4
    • The infamous left-pad incident: the package is unpublished, breaking thousands of builds and sparking widespread discussion about npm's package management and the fragility of the ecosystem.

Strongloop/Loopback

  • strongloop/loopback/issues/1079
    • Controversy erupts when users discover the package phones home via optionalDependencies, causing slow installs and privacy concerns.

Syl20bnr/Spacemacs

Systemd/Systemd

  • systemd/systemd/issues/1143
    • A user reports that setting the system date far in the future causes systemd to get stuck printing "Time has been changed" repeatedly, leading to confusion and jokes about time travel bugs.
  • systemd/systemd/issues/2402
    • Mounting efivarfs read/write by default allows accidental deletion of EFI variables, resulting in bricked hardware.
  • systemd/systemd/issues/5644
    • A bug in tmpfiles allows a specific glob pattern to recursively delete the root directory, prompting alarm over the potential for catastrophic data loss.
  • systemd/systemd/issues/5755
    • A user requests that systemd-resolved select DNS servers in a round-robin fashion, but the actual behavior differs.
  • systemd/systemd/issues/6237
    • Systemd fails to handle usernames starting with a digit, causing privilege escalation and service failures.
  • systemd/systemd/issues/6259
    • A follow-up to the previous issue, this thread debates whether usernames starting with digits should be allowed, referencing standards and real-world usage.
  • systemd/systemd/issues/6369
    • A bug is reported where systemd's hostnamed mishandles FQDNs with trailing dots, leading to incorrect hostname settings and confusion over DNS conventions.

Tc39/Proposal-Cancelable-Promises

Telegramdesktop/Tdesktop

  • telegramdesktop/tdesktop/issues/96
    • A long-standing request for spellchecking support in Telegram Desktop gathers hundreds of comments, with users expressing frustration over the lack of progress and maintainers citing technical challenges.

tenacityteam/tenacity

  • tenacityteam/tenacity/issues/99 (archive: 1, 2)
    • Tenacity, an Audacity fork, is an easy-to-use multi-track audio editor and recorder. A GitHub user named Cookiengineer was the leader and one of the developers of Tenacity.
    • Some 4chan users doxxed and attempted to murder Cookiengineer in a coordinated attack campaign in July 2021.
    • Journalistic Media:
  • tenacityteam/tenacity/issues/99
    • Cookiengineer quit after the harassment and stabbing from the 4chan users.

Tiangolo/Fastapi

  • tiangolo/fastapi/issues/3273
    • A user complains that the FastAPI documentation's "Concurrency and async/await" section uses too many emojis, making it distracting and hard to read.

Tip4commit/Tip4commit

  • tip4commit/tip4commit/issues/127
    • Mitsuhiko requests the removal of all their repositories from Tip4commit, objecting to third-party sites "gamifying" their projects.

Tj-Actions/Changed-Files

Todogroup/Opencodeofconduct

Tootsuite/Mastodon

Torvalds/Linux

Twbs/Bootstrap

  • twbs/bootstrap/issues/3057
    • A user reports that missing semicolons in bootstrap-dropdown.js cause minification errors in Firefox.

Twitter/Scrooge

  • twitter/scrooge/issues/222
    • A user points out that the project's build status icon shows a failing build, suggesting it should be fixed or removed

ValveSoftware/Source-1-Games

Vcflib/Vcflib

  • vcflib/vcflib/issues/206
    • A frustrated user reports that the vcf2tsv tool fails to separate per-allele records with newlines, resulting in jumbled output. They also complain about the random reordering of INFO fields.

VHSgunzo/Lutris-Wine

Vimeo/Player.js

Voat/Voat

Ultralyics/Ultralytics and ltdrdata/ComfyUI-Impact-Pack

Webpack/Webpack-Cli

  • webpack/webpack-cli/issues/1612
    • A user reports that importing fs/promises works with TypeScript but fails with Webpack, triggering a "Can't resolve 'fs/promises'" error.

WhisperSystems/Signal-Android

WICG/Interventions

  • WICG/interventions/issues/18
    • A heated debate erupts over Chrome's intervention to block synchronous XHR requests during page dismissal (e.g., in unload/beforeunload events).

winampdesktop/winamp

  • WinampDesktop/winamp/issues/56
  • /WinampDesktop/winamp/issues/6
    • Summary:
      • Winamp have open sourced the original player's code.
      • They have chosen a custom license, forbidding forks, and distributing modifications among other things.
      • Github users are outraged, started arguing in issues, and opened several troll pull requests.
      • Finally, Winamp owners delete the source code repository.
    • Journalistic Media: TheRegister.com

xenia-canary/xenia-canary

  • xenia-canary/xenia-canary/pull/180
    • Summary:
      • One of the developers of Xenia, an Xbox 360 emulator, added an anti-feature that plays loud noises when loading ISO images, together with nagging messages about "piracy".
      • The developer was revealed to be a Discord moderator who was frustrated with users asking for support without proving ownership of the game.
      • After backlash, the developer deleted his account, and other contributors later cleaned up the mess.
    • Journalistic Media:

yuzu-emu/yuzu

  • yuzu-emu/yuzu/issues/13189 (archive: 1)
    • Summary:
      • Windows 7 user complained about lacking support for his OS.
      • User didn't like being told to switch to Linux.
      • User intensively messaged Nintendo of America to issue a Cease & Desist letter to developers.
      • Opens issue when they actually did it.
    • Journalistic Media:

Zedeus/Nitter

  • zedeus/nitter/issues/983
    • Users report that Nitter, a privacy-focused Twitter/X frontend, has stopped working due to changes or blocks implemented by Twitter/X.

Zenparsing/Es-Observable

zloirock/core-js

See also

About

A modern Github Drama list.

nick2bad4u.github.io/github-drama/

Topics

drama github-drama controversy software-development-process pr-drama github-controversy

Resources

Readme

License

Unlicense license

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository