The author, angry after warning large companies against using his work free of charge without providing financial support, finally destroyed colors.js and faker.js, which are downloaded more than 20 million times a week, making them unusable.



Marak, the developer of the popular open source libraries colors.js and faker.js, has deliberately destroyed these npm libraries. Many projects depend on colors.js and faker.js, so there are concerns about the impact.

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

Open source developer corrupts widely-used libraries, affecting tons of projects - The Verge
https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected

colors.js is an npm library that is downloaded more than 20 million times a week, and there are about 19,000 software development projects using this library. faker.js is also a popular library that is downloaded more than 2.8 million times a week, and it seems that there are more than 2500 projects using this library.

Marak, the developer of colors.js and faker.js, has released a deliberately corrupted version, affecting projects that depend on these libraries. Users of popular open source projects like aws-cdk have noticed this incident and are reporting the situation.

Marak added non-ASCII characters to colors.js version 1.4.44 and faker.js version 6.6.6, so a bug now occurs in which an endless stream of American flags is output when an application uses the library. A new version of colors.js that works correctly has been released, and the faker.js problem can be worked around by downgrading to a previous version (version 5.5.3).
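To check whether a project has resolved one of the versions named above, including copies pulled in by other packages, scanning the lockfile is enough. The following is an added example, not code from the article or from either library; the pre-release suffix matching, the package name `some-cli` and the sample lockfile are assumptions constructed for illustration.

```javascript
// Versions the article names as deliberately corrupted (values from the page).
const AFFECTED = new Map([["colors", "1.4.44"], ["faker", "6.6.6"]]);

// True if `version` is an affected release or a pre-release build of it
// (e.g. "1.4.44-something"); the suffix matching is an assumption of this example.
function isAffected(name, version) {
  const bad = AFFECTED.get(name);
  if (!bad || typeof version !== "string") return false;
  return version === bad || version.startsWith(bad + "-");
}

// Walk a parsed package-lock.json and return every install of an affected
// version, including copies nested under other packages (transitive deps).
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  if (lock.packages) return hits; // v2 files also carry a legacy tree; skip duplicates
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/colors": { version: "1.4.0" },
    "node_modules/faker": { version: "6.6.6" },
    "node_modules/some-cli/node_modules/colors": { version: "1.4.44-example" },
  },
};

for (const h of findAffected(sampleLock)) {
  console.log(`${h.name}@${h.version} at ${h.path}`);
}
```

Pinning an exact version in package.json (for example `"faker": "5.5.3"` rather than a caret range) keeps a later publish from being pulled in automatically on the next install.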

A user of colors.js tweeted, 'The author of colors.js seems to be angry that the reward is not paid, and now it outputs the American flag every time the library is loaded.'



Marak wrote, 'It was noticed that version 1.4.44 of colors.js has a Zalgo bug (the bug that outputs the American flag),' and 'We are currently working to correct the situation and it will be resolved soon.'

Bleeping Computer points out that the reason Marak did this mischief was 'because of the big companies that don't financially support open source software.'

In November 2020, Marak said, 'Respectfully, I'm not going to give the Fortune 500 companies and other small businesses the deliverables I've developed for free. I have nothing else to say. Take this as a chance to either give me a full-year, six-figure (several million yen) contract, or fork the project I created and have someone else continue to develop it.'

Marak also wrote 'What happened to Aaron Swartz?' in the README pages for these libraries. Aaron Swartz was a famous hacktivist who downloaded millions of journal articles from the JSTOR database over the MIT campus network in order to give everyone equal and free access to information, and who committed suicide in Japan after a court battle.

Marak's series of actions has been praised by some open source software communities. On the other hand, there are criticisms such as 'This action is too irresponsible.'

According to Marak, GitHub has suspended his account.



in Software, Posted by logu_ii