Hey team, I appreciate the effort, and really like Moq, thank you for creating it! In one project, I just did a dependency update and noticed that I get MOQ101 warnings when building in Visual Stud...
Also some fun takeaways: it also makes external calls to azure to load configuration and stays silent after updating for 2 weeks before showing warnings.
Moq is unusable. Needs to be forked or repoaced. Time to switch to NSubstitute.
Sounds like the dev was unsatisfied with the low sponsorship numbers on his project, which when you consider how many devs only ever interact with Moq via the package manager or command line might be a fair complaint...but the decision to just start harvesting user data like a lowlife as an alternative source of income is some galaxy brain shit.
It's not like this would even be sustainable. What did he think was going to happen, devs would just blindly accept a new shady looking package appearing in their dependency stack with no further investigation?
As a result of this stupidity Moq will now be on the shit-list of every corporation using .NET, especially those based in Europe due to GDPR implications.
Holy shit. This is so bad. That's my entire September gone... I actually fought internally for my company to donate to this and a couple of other projects, but I guess this one is off the donation list at this point.
Dev is still defending his action and apparently believes he's done nothing wrong. Harvesting developers email and extorting them by sabotaging builds is no big deal.
Absolute clown. OSS needs a better solution to funding devs hard work, but it is not a vehicle for an egomaniac to get rich.
I'm still pro-not mocking. Maybe this is a good opportunity to stop using so many mocks in our tests, and write validation on the actual behavior of your code.
I knew that software supply chain dependency poisoning was increasing becoming a problem with open source, I just didn’t expect it to be from the original creator.
I have many issues with this, but I don't know why you would assume I'd rather pay a few bucks of my own money vs much more of my companies. Paying for useful software in a revenue generating business is more common than not.
No need to rush out and replace Moq, you're fine if you're on a lower version. We are using 4.16 or something at work, and I don't see any need to take any action there. Didn't have a reason to upgrade anyway.
If the SponsorLink package comes back, and kzu is determined to push forward with it (which is absolutely his right to do) then long term I guess we'll move to something else. My preference would be to stop using mocks altogether.