cross-posted from: https://lemmy.ml/post/45529149

Here is the message where he found out what happened:

I didn’t receive any information about it but when creating a support ticket I was told my account has been flagged and I had to do some extra verification. I’ve created a support ticket now and will keep you posted. I’ll believe it’s nothing major though, I use 2FA everywhere, the last commit on all repos is what I expect, and all sessions and usages look fine

Absolutely fuck Github and Microslop, they can just vanish your projects without notice whenever they want with barely any justification for it, and then take their sweet time to fix it too.

  • dust_accelerator@discuss.tchncs.deEnglish
    6·
    5 hours ago

    VLLM litellm supply chain attack.

    Creator possibly was compromised and likely a security measure.

    Affected versions were not pushed IMO, but the owners machine may have been compromised.

      • dust_accelerator@discuss.tchncs.deEnglish
        2·
        2 hours ago

        I do not know for sure, but the repo did contain the dependency litellm with version specifier >=1.65.0 (if I recall correctly) and an early march build did use the version 1.81.0 per the uv.lock (version before the compromised litellm==1.82.7 and litellm==1.82.8 )

        https://docs.litellm.ai/blog/security-update-march-2026

        Not saying that the Dev was compromised, but it is possible, and it could be some Github precaution to disable repos with that dependency where a pip install at the wrong time could have compromised all the Devs credentials.

  • cecilkorik@lemmy.caEnglish
    31·
    11 hours ago

    Self host your own code repo. Forgejo is adding activitypub and federation features, not sure how far long they are, but someday if enough people start self-hosting we might have a viable decentralized way to collaborate on and contribute to each others’ projects.

      • litchralee@sh.itjust.worksEnglish
        21·
        9 hours ago

        Because of the AI-induced scraping traffic? While not perfect, Anubis and similar are coarse-but-effective solutions for self-hosting repos.

        And if it it were acceptable to outsource such protection to a CDN (eg Cloudflare) in order to retain firm control over the repo, then that’s a choice that’s also available. Not everyone agrees that CDNs have a role in self-hosting – fair enough – but when a project’s very repo and existence can be wiped off the internet, owning a domain name and the affirmative upstream repository is a tractable and intermediate goal, even if it doesn’t achieve full independence.

        Self hosting is an exercise in harm reduction.

  • JustGottaWhippet@quokk.auEnglish
    3·
    8 hours ago

    Honestly as much as people hate the complexity sometimes replicating the repo from Github to Codeberg or other places is great for redundancy. Or maybe use a local repo for all development and releases and push out to public VSC.