Don Ho, the creator of the widely used Windows text editor Notepad++, has publicly denounced an unauthorized macOS port that launched in early May 2026. The port, branded as “Notepad++ for Mac” by developer Andrey Letov, uses the project’s name, chameleon mascot, and visual identity without permission. Ho’s condemnation has sparked a fierce debate about the boundaries of open source forking, trademark protection, and the risks users face when downloading software from unverified sources.

Notepad++ has been a staple on Windows for over two decades, prized for its lightweight design, syntax highlighting for dozens of programming languages, and a robust plugin ecosystem. Yet, a native macOS version has remained conspicuously absent from the official roadmap. Ho has repeatedly explained that the codebase relies heavily on Win32 APIs and Scintilla, making a port resource-intensive and not a priority. This gap has created an opportunity for third-party developers, but not all attempts have been welcomed.

The Unauthorized Port Surfaces

In early May 2026, a new application appeared on software distribution platforms, calling itself “Notepad++ for Mac.” It mimicked the familiar Notepad++ interface, right down to the iconic green chameleon logo. The developer, Andrey Letov, presented it as a fully functional port, claiming to bring the beloved editor to Apple’s ecosystem. Almost immediately, it gained traction among Mac users eager for a native experience.

However, the port was not sanctioned by the Notepad++ project. Letov had not sought permission to use the name or branding. The code, while likely based on the open source Notepad++ repository, was packaged and distributed without coordination with the official maintainers. This set the stage for a confrontation that would resonate across the open source community.

Don Ho’s Public Denunciation

On May 7, 2026, Ho took to the official Notepad++ website and social media channels to address the situation. “I have nothing to do with this so-called Notepad++ for Mac,” he wrote. “It is not built by me, not endorsed by me, and I cannot vouch for its safety or quality.” Ho emphasized that while the GPL license allows anyone to fork the code, the use of the project’s name and logo without consent violates the spirit of the community and potentially trademark law.

His statement went further, warning users about the risks of downloading software from unverified sources. “You don’t know what has been added to the binary. It could contain malware, spyware, or simply be a broken piece of software that damages your files,” he cautioned. The directness of his rebuke was unusual for a figure known to be soft-spoken, signaling the seriousness with which he viewed the infringement.

Licensing vs. Branding: The Forking Dilemma

Notepad++ is distributed under the GNU General Public License (GPL), which grants anyone the freedom to use, modify, and share the code—even for commercial purposes—as long as the same freedoms are preserved in derivative works. This is a cornerstone of open source. Forks are not only legal but encouraged as a way to foster innovation. However, the GPL does not grant rights to trademarks or branding.

Letov’s fork appears to have crossed the line from permissible code reuse to identity theft. By using the exact name “Notepad++” and the chameleon logo, the port creates confusion. Users might believe it is an official release, potentially damaging the reputation of the original project if the port is buggy or insecure. Ho’s argument is that this goes beyond what the GPL intends, entering the realm of false representation.

“You are free to take the code and build your own editor, even call it something like ‘SuperPad for Mac based on Notepad++’—but you cannot pretend to be us,” Ho explained in a follow-up post. This distinction between code freedom and brand protection is often misunderstood, and the incident serves as a high-profile lesson for developers.

The Software Supply Chain Angle

For Windows enthusiasts, the Notepad++ for Mac controversy may seem distant, but it carries universal implications about the software supply chain. The term, borrowed from manufacturing, describes the complex web of dependencies and distribution channels that deliver code to end users. An unauthorized fork, especially one distributed outside official channels, introduces a point of potential compromise.

If Letov’s port contained malicious code, it could harvest user data, inject ads, or act as a vector for ransomware. Even without intentional malice, a poorly maintained fork might harbor vulnerabilities that go unpatched. The official Notepad++ project has a long history of rapid security updates. A third-party port, disconnected from that infrastructure, leaves users exposed.

Ho’s warning echoes broader industry concerns. In 2024, the open source world was rocked by the XZ Utils backdoor, where a malicious contributor nearly introduced a critical vulnerability into a core utility. That incident proved that trust in software origin is paramount. The Notepad++ for Mac episode, while not necessarily malicious, underscores how easily user confidence can be exploited when branding is co-opted.

Community Reactions and Divided Opinions

Responses within the developer community have been mixed. Some applaud Ho for defending the integrity of his project. “Trademark is the only thing that keeps open source projects from being overtaken by impostors,” one commenter wrote on Hacker News. Others argue that the port is precisely what open source is for. Mac users have been begging for a native Notepad++ for years, and a fork that fills that need should be celebrated, not condemned.

Critics of Ho’s stance point out that the GPL explicitly permits forking, and if the macOS port complies with the license by releasing its source code, then it is ethically sound. They suggest that Ho could instead work with Letov to integrate the port as an official or semi-official project. However, Ho’s history with macOS ports has been cautious. In the past, he has stated that maintaining a macOS version would require significant resources and that he would rather focus on the Windows edition.

Letov, for his part, has not publicly responded in detail to the criticism. The “Notepad++ for Mac” listing remains active on some platforms as of mid-May, though it is unclear whether the name will be changed. The situation remains fluid.

Lessons for Users: How to Verify Software Authenticity

The Notepad++ dispute is a practical case study in verifying software authenticity. Users can protect themselves by following a few key steps:

  • Check the source: Download software only from official websites or recognized app stores. For Notepad++, the legitimate source has always been notepad-plus-plus.org.
  • Verify digital signatures: Official Notepad++ binaries are digitally signed. On macOS, the Gatekeeper system can block unsigned apps, but a determined attacker can still bypass it with social engineering.
  • Look for community signals: Official projects usually have active forums, GitHub repositories with many stars, and clear documentation. A sudden new site with dubious contact info is a red flag.
  • Examine the domain: Ho’s project has a long-standing presence. Any alternative domain, especially one registered recently for the sole purpose of distributing a port, should be treated with suspicion.
  • Consult package managers: For macOS, tools like Homebrew are trusted sources. If a “Notepad++ for Mac” appears there, verify it is linked to the official maintainers before installing.

The Future of Notepad++ on Mac

Is an official macOS version of Notepad++ on the horizon? Ho has been consistent in saying no. The application is deeply tied to Windows, and rewriting it for another platform would be a monumental task. Instead, Ho has focused on incremental improvements to the Windows version, with recent releases enhancing large file handling and dark mode.

For Mac users, the alternatives remain plentiful: BBEdit, CotEditor, Sublime Text, and Visual Studio Code all offer powerful editing features. Yet the pull of Notepad++ persists because of its simplicity and nostalgia. The unauthorized port attempt reflects a genuine demand, but it also highlights the risks of desperation.

Letov’s fork may yet evolve into a legitimate project if it drops the confusing branding. A name like “ChameleonPad” or “NotepadNext for Mac” could distance it from trademark issues while still signaling its heritage. Open source thrives on such adaptations. The question is whether Letov will take that path and whether Ho will ever bless an independent effort.

Conclusion: Integrity in the Open Source Ecosystem

The Notepad++ for Mac clash is more than a technical dispute; it is a defining moment for open source governance. It underscores that while code can be free, identity cannot be borrowed without permission. For users, the lesson is clear: trust but verify. And for developers, the line between innovation and appropriation is drawn at the brand’s front door.

Don Ho’s swift response sets a precedent that project maintainers can and should protect their community’s trust. Whether this leads to a tighter ecosystem of official ports or simply more clandestine distributions remains to be seen. One thing is certain: the chameleon’s colors cannot be casually worn.