Developer Corrupts Two Huge Open-Source NPM Libraries

faker.js and colors.js are the affected libraries.


An open-source developer corrupted two of the most important NPM libraries, which led to thousands of huge projects ceasing to function (as they depend on these libraries). The two libraries, Faker.js and Colors.js, are the most popular, with a userbase of around 24.9 million over a week. Colors.js seems to be working now, but Faker.js is still affected. Users will need to downgrade to the previous version to use it again.

The developer of these libraries, Marak Squires, added a commit titled “Adds a new American flag module” that included five lines of code, three of which are “console.log” calls that display the string ‘LIBERTY, LIBERTY, LIBERTY’ on the console. The README of the Faker.js library was changed from displaying info about the project to “What happened to Aaron Swartz.”

For context, Aaron Swartz created Web.py, a popular web application framework. He also worked on improving Reddit by rewriting its Lisp codebase in Python. He committed suicide in 2013.

Two days after the disastrous commit, Squires tweeted that his GitHub account, with over 100 projects, had been suspended. However, his suspension has since been lifted. Many developers bashed him in the tweet thread for not following the open-source project guidelines and ruining it for other people whose projects depend on the faker.js and colors.js libraries.

Bleeping Computer found Squires’s post on GitHub where he said, “Respectfully, I will no longer support Fortune 500s (and other smaller sized companies) with my free work. Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it.” So, this move came due to the developer’s financial struggles and poor mental health.

Squires was also charged with making a bomb in September 2020. His neighbors said, “Obviously the man is sick,” and also said that he hadn’t interacted with them since he moved there.

Abubakar Mohammed

Abubakar is a passionate tech writer whose love for tech started in 2011 when he got a Dell Inspiron 5100. When he's not covering Linux and open-source, you'll find him binge-watching anime or Tech content on YouTube.
