Slash Boxes

SoylentNews is people

posted by janrinok on Wednesday January 12, @01:05AM   Printer-friendly
from the with-great-responsibility-comes-great-LOLability dept.

From Bleeping Computer

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors and 'faker'.

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

But the target of this action wasn't the end user - but the big corporations...

[...] The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

In November 2020, Marak had warned that he will no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday January 15, @11:15PM

    by Anonymous Coward on Saturday January 15, @11:15PM (#1213032)
    Prosecuting him for what? He warned users 14 months ago to fork the damn projects. They didn't. He didn't damage their computers - just his own software, which, by the way, he owns. So are they going to prosecute him for damaging his own property?

    I'm sure he'll happily refund them the entire price they paid him. Even though open-source software comes with a standard disclaimer of liability, discamer of fitness for any purpose whatsoever, yadda yadda ...

    You agree to use it at your own risk. Right there in the license. Are you arguing that open source licenses aren't legal? No quicker way to shut down open source permanently.

    Those of us who have been saying that javascipt is a huge shitshow are happy to once again be proved right. We got popcorn, we got beer, let the bs prosecutions for damaging his own software, which users agreed they were using at their own risk, begin.