Slash Boxes

SoylentNews is people

posted by janrinok on Wednesday January 12, @01:05AM   Printer-friendly
from the with-great-responsibility-comes-great-LOLability dept.

From Bleeping Computer

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors and 'faker'.

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

But the target of this action wasn't the end user - but the big corporations...

[...] The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

In November 2020, Marak had warned that he will no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by narcc on Thursday January 13, @06:38AM

    by narcc (2604) on Thursday January 13, @06:38AM (#1212347)

    It's also a nice little reminder that the 21st Century's Super Trendy way to do Software Engineering is fscked.

    This. Anyone impacted by this deserves what they get.

    Back when ebay was a new idea, I remember website owners getting revenge on jerks 'hot linking' their images for use in ebay auctions by replacing the image with the nastiest porn they could scrape off the bottom of the internet. (In those days, it was some nasty stuff indeed.)

    So, yeah, don't make your project dependent on crap from some random kid that can change without notice. They're lucky this is the all that happened. This could have very easily turned in to a "now all of your customers are pwned" situation.