Just guessing, but it probably wasn't planned as open source.
The real version control history might be full of useless internal Jira ticket references, confidential information about products, in Mandarin, not even in git... there's a thousand reasons to surface only a minimal fake git version history, hand-crafted from major releases.
*used to be unsafe
Just to note, other implementations have the same design (silent and truncate); I've recently found out that htpasswd from Apache HTTP Server has the same silent behavior.
Well, if you limit the discussion to passwords, you're right, maybe no need to worry, especially if using randomly generated ones (like ones from password managers), but if the algorithm is used to check some "composed" credentials (like what happened with Okta last year) then maybe it's worth worrying about, no?
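An added illustration of the "composed credentials" concern raised in the comment above; it is not code from the thread or from any project it mentions. It shows silent truncation making the password irrelevant, next to two mitigations. The 72-byte limit (bcrypt's), the PBKDF2 stand-in for the truncating hash, and all field names and values are assumptions constructed for the example.

```python
import base64, hashlib, hmac

LIMIT = 72  # assumption: input limit of the truncating hash (bcrypt uses 72 bytes)

def truncating_hash(data: bytes, salt: bytes) -> bytes:
    """Stand-in (PBKDF2) for a hash that silently ignores input past LIMIT."""
    return hashlib.pbkdf2_hmac("sha256", data[:LIMIT], salt, 1000)

def compose(user_id: str, username: str, password: str) -> bytes:
    """Naive composed credential: plain concatenation, password last."""
    return (user_id + username + password).encode()

def strict_hash(data: bytes, salt: bytes) -> bytes:
    """Mitigation 1: refuse over-long input instead of truncating silently."""
    if len(data) > LIMIT:
        raise ValueError(f"input is {len(data)} bytes, limit is {LIMIT}")
    return truncating_hash(data, salt)

def prehash(user_id: str, username: str, password: str) -> bytes:
    """Mitigation 2: digest length-prefixed fields down to 44 base64 bytes."""
    h = hashlib.sha256()
    for field in (user_id, username, password):
        raw = field.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return base64.b64encode(h.digest())

def verify(stored: bytes, candidate: bytes, salt: bytes) -> bool:
    return hmac.compare_digest(stored, truncating_hash(candidate, salt))

# Constructed sample values: the two identifiers alone fill 84 bytes.
SALT = b"constructed-salt"
USER_ID = "00u" + "a" * 17
USERNAME = "svc-" + "n" * 48 + "@example.com"

def demo() -> dict:
    naive = truncating_hash(compose(USER_ID, USERNAME, "correct horse"), SALT)
    hardened = truncating_hash(prehash(USER_ID, USERNAME, "correct horse"), SALT)
    return {
        "naive_accepts_wrong": verify(naive, compose(USER_ID, USERNAME, "wrong"), SALT),
        "hardened_accepts_wrong": verify(hardened, prehash(USER_ID, USERNAME, "wrong"), SALT),
        "hardened_accepts_right": verify(hardened, prehash(USER_ID, USERNAME, "correct horse"), SALT),
    }

if __name__ == "__main__":
    print(demo())
```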