SoylentNews is people

Dev Corrupts NPM Libs 'colors' and 'faker' Breaking Thousands of Apps

Accepted submission by NPC-131072 at 2022-01-10 02:46:24 from the with great responsibility comes great LOLability dept.
Software

From Bleeping Computer [bleepingcomputer.com]

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker'.

The colors library receives over 20 million weekly downloads [npmjs.com] on npm alone, and has almost 19,000 projects depending on it. Whereas, faker [npmjs.com] receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

