Pretty sure the EULA does not cover copying essentially a DRM key from the SMC and checking it into GitHub, conveniently set up in such a way as the repo does not in fact require Mac hardware
The "secret" Apple OSK string is widely available on the Internet. It is also included in a public court document available here. I am not a lawyer but it seems that Apple's attempt(s) to get the OSK string treated as a trade secret did not work out. Due to these reasons, the OSK string is freely included in this repository.
Every so often I encounter a key in React (Preact, but preserved for compatibility) titled something like PRIVATE_DO_NOT_USE_OR_YOU_WILL_BE_FIRED and I appreciate the cutesy tongue in cheek acknowledgement that it’s not private and will likely be used anyway
It's not a cryptographic key or a secret of any kind. In the case of React (or other JS libraries) export identifiers are chosen to expose private APIs for integration purposes with things like developer tooling and other functionality that isn't part of the publicly documented API.
Instead of choosing something like `__PRIVATE` the React library in particular chose something more eye catching: `__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED`, which is definitely sure to get people's attention when they look into it, but is essentially just a joke.
Because there are some really terrible projects out there made by guys who think that a two week "bootcamp" is enough to make you a competent developer. An SPA needs to access a third party resource of some sort (in my case it was Power BI), and fetching the necessary authentication information from your server with proper authorization is apparently too complicated. I ain't rewriting that shit, I have too much work already.
