An open-source developer corrupted two of the most important NPM libraries, which led to thousands of huge projects ceasing to function (As they depend on these libraries). The two libraries — Faker.js and Colors.js — are the most popular libraries, with a userbase of around 24.9 million over a week. Color.js seems to be working now, but Faker.js is still affected. Users will need to downgrade to the previous version to use the same again.
The developer of these libraries, Marak Squires, added a commit “Adds a new American flag module” that included five lines of code; three of which are “console.logs” that display the string ‘LIBERTY, LIBERTY, LIBERTY’ on the console. The Readme of the Faker.js library has changed from displaying info about the project to “What happened to Aaron Swartz.”
For starters, Aaron Swartz created Web.py, a popular web application framework. He also worked on improving Reddit by rebasing its Lisp codebase using Python. He committed suicide in 2013.
Two days after the disastrous commit, Squires tweeted that his GitHub account with over 100 projects had been suspended. However, his suspension has been lifted. Many developers bashed him in the tweet thread for not following the open-source project guidelines and ruining it for other people whose projects depend on faker.js and color.js libraries.
Bleeping Computer found Squire’s post on GitHub where he said, “Respectfully, I will no longer support Fortune 500s (and other smaller sized companies) with my free work. Take this as an opportunity to send me a six-figure yearly contract or for the project and have someone else work on it.” So, this move came due to the developer’s financial struggles and poor mental health.
Squires was also charged with making a bomb in September 2020. His neighbors said, “Obviously the man is sick,” and also said that he hadn’t interacted with them since he moved here.