Notepad++ is solid but they had a recent kerfuffle involving their security practices and the response didn't inspire much confidence. But if you turn off auto-updates then it's a good alternative if you're still on Windows.
The issue Notepad++ is having, is the same as a lot of open source projects: They don't have a ton of money, don't have a business entity, and are struggling to get/keep a software-signing key in those circumstances.
So the people taking pot shots at the developers, I guess, maybe be more specific with what they did wrong and what they should have done instead. Because if you actually understand the history/circumstances (and the fact it was a third-party hosting provider compromised), one would expect more blame on the systemic under-funding of OSS than "developers bad."
Are people wanting them to create a business, monetize Notepad++, so that they no longer have issues with hosting/certificates? I'm guessing not.
And yet notepad++ is installed by default on millions of development machines across the globe. This one of those cases that Microsoft should take over the project, keep as open source and give it proper prime time attention.
More than a small kerfuffle. A supply chain attack by a state actor, believed to be China, resulted in undetected malicious code executions from June 2025 to December 2025.
I'm worried a political activist might go off the rails at some point for whatever their cause is and I have their software running on my computer... I don't want to be part of someone else's crusade.
I didn't realize until recently that the very popular Notepad++ was such a lightning rod over the years for controversy and (though I can't guarantee correlation is causation) security issues.
