Three packages copy-pasted my AGPL code to PyPI and named me in their description. PyPI won't act

20 hours ago 2

I published repowise on PyPI a few weeks ago. It generates and maintains a wiki for your codebase, plus some git intelligence stuff like hotspots and ownership, among other things.

Soon after launch, three packages appeared on PyPI within hours of each other, all with the same description:

"Codebase intelligence that thinks ahead, outperforms repowise on every dimension."

Repowise is mine. They literally name it.

Looked inside the packages. They forked my AGPL-3.0 code, ran an LLM over it to fix a few small things, and republished under new names. No attribution, no license file, no source link.

Filed PyPI abuse reports. Filed a DMCA for the license violation. Sent email. Weeks in, all three packages are still live, still pulling downloads off my project's name.

PyPI's abuse flow seems to be a single form and silence. There's no copyleft enforcement path baked into the registry itself, so AGPL violations basically depend on DMCA, which is slow and easy to ignore.

Any suggestions would be very helpful.

submitted by /u/Obvious_Gap_5768 to r/Python