Nesbitt: Protestware for coding agents

Andrew Nesbitt has written a blogpost detailing a recent incident with the jqwik library for property-based testingin Java. On May25, the 1.10.0 release of jqwik included a changethat attempts to instruct coding agents to disregard previousinstructions and delete jqwik tests and code.

I think this is a new class of supply-chain input worth keeping an eyeon, mostly because of how little of the existing tooling has anyopinion about it. A System.out.print of sixty-eight bytes of plainASCII isn't the kind of thing scanners are looking for, since thosewatch for install hooks, network calls, filesystem writes, obfuscatedstrings and the like. The jar makes the same syscalls it made in 1.9,and because the change was committed and released by the legitimatemaintainer through the normal build, it's clean from a SLSA point ofview too: the provenance is what it should be. Anyone who reads thediff can see what it does, but a patch bump of a test-scopeddependency is not where most projects spend their review time.