Slash Boxes

SoylentNews is people

Submission Preview

Link to Story

Dev Corrupts NPM Libs 'colors' and 'faker' Breaking Thousands of Apps

Accepted submission by NPC-131072 at 2022-01-10 02:46:24 from the with great responsibility comes great LOLability dept.

From Bleeping Computer []

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors and 'faker'.

The colors library receives over 20 million weekly downloads [] on npm alone, and has almost 19,000 projects depending on it. Whereas, faker [] receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

Original Submission