There have been reports of extension authors getting "buyout offers" on HN. In one case I remember the author saying he informed the would-be buyer that he never made any money from his extension, never tried to market it, and didn't think anyone would ever pay anything for it.

The buyer said none of that mattered, as he was only interested in "how big your install footprint is..."

The author was confused but figured that the buyer had some plan to monetize it, so he sold it for $75-100k. The day he turned over the git repo to the project he saw that most of the dependencies had been replaced with dubious replacements, and it dawned on him what had happened...

Same situation for pypi and npm library authors... software supply chain attacks are a big problem, and it will probably only get worse due to LLMs.