SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Dev Corrupts NPM Libs 'Colors' and 'Faker' Breaking Thousands of Apps
Date    Wednesday January 12 2022, @01:05AM
Author    janrinok
from the with-great-responsibility-comes-great-LOLability dept.
https://soylentnews.org/article.pl?sid=22/01/11/0732200

NPC-131072 writes:

From Bleeping Computer

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker'.

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it, whereas faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

But the target of this action wasn't the end user - but the big corporations...

[...] The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

In November 2020, Marak had warned that he would no longer be supporting the big corporations with his "free work" and that commercial entities should consider either forking the projects or compensating the dev with a yearly "six figure" salary.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn't much else to say," the developer previously wrote.


Original Submission
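The projects bricked in the story above picked up the sabotaged releases because a fresh install resolved a floating semver range to the newest published version. The following is an added defender-side check, not code from the article or from the colors/faker projects: it scans a package.json for 'colors' and 'faker' entries that are not pinned to an exact version, and cross-checks exact pins against what package-lock.json actually resolved. The manifests and version numbers below are constructed samples, not real project data.

```javascript
// Added example, not from the article or the colors/faker projects. Flags watched
// packages whose spec is a floating range (which a fresh install without a committed
// lockfile resolves to the newest release) and pins that disagree with the lockfile.
const WATCHED = new Set(['colors', 'faker']);
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// A spec is "pinned" only if it is a single exact version: no ^ or ~, no
// wildcard, no dist-tag such as "latest", no git or tarball URL.
function isExactVersion(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(String(spec).trim());
}

// Report every watched dependency whose spec is not an exact version.
function findFloatingDeps(pkg, watched = WATCHED) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (watched.has(name) && !isExactVersion(spec)) findings.push({ field, name, spec });
    }
  }
  return findings;
}

// For watched deps that are pinned, report when the lockfile resolved a different
// version (lockfileVersion 1 records it under "dependencies", 2/3 under "packages").
function lockfileMismatches(pkg, lock, watched = WATCHED) {
  const out = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!watched.has(name) || !isExactVersion(spec)) continue;
      const entry = (lock.packages && lock.packages[`node_modules/${name}`]) || (lock.dependencies && lock.dependencies[name]);
      const locked = entry ? entry.version : undefined;
      if (locked !== String(spec).trim()) out.push({ name, spec, locked });
    }
  }
  return out;
}

// Constructed sample manifests and lockfile (not from any real project).
const FLOATING_PKG = {
  dependencies: { colors: '^1.0.0', 'some-other-lib': '^2.0.0' },
  devDependencies: { faker: '~5.0.0' },
};
const PINNED_PKG = { dependencies: { colors: '1.0.0' } };
const SAMPLE_LOCK = { lockfileVersion: 2, packages: { 'node_modules/colors': { version: '1.0.1' } } };

for (const f of findFloatingDeps(FLOATING_PKG)) {
  console.log(`${f.field}: ${f.name}@${f.spec} is a floating range; pin an exact version`);
}
for (const m of lockfileMismatches(PINNED_PKG, SAMPLE_LOCK)) {
  console.log(`${m.name}: package.json pins ${m.spec} but the lockfile resolved ${m.locked}`);
}
```

Pinning alone only freezes the version; installing with `npm ci` from a committed lockfile is what stops a later publish from being pulled in silently.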

Links

  1. "NPC-131072" - https://soylentnews.org/~NPC-131072/
  2. "Bleeping Computer" - https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
  3. "20 million weekly downloads" - https://www.npmjs.com/package/colors
  4. "faker" - https://www.npmjs.com/package/faker
  5. "wrote" - http://web.archive.org/web/20210704022108/https://github.com/Marak/faker.js/issues/1046
  6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=53248


printed from SoylentNews, Dev Corrupts NPM Libs 'Colors' and 'Faker' Breaking Thousands of Apps on 2024-03-28 21:08:24