The developer of two of the most popular open source NodeJS libraries has decided to corrupt them, affecting millions of users

With nearly 25 million downloads each week, Colors.js and Faker.js are two of the most popular npm libraries: two open source projects distributed through the 'Node Package Manager', the package manager for NodeJS, a popular JavaScript environment. Despite the great reputation of these open libraries, thousands of projects stopped working overnight because they depend on them.

The reason is none other than the decision of Marak Squires, the developer of these two libraries, to corrupt his own widely used work.

GitHub suspends the account of this popular developer with more than 100 projects

The developer added a commit containing five lines of code, an update named “Add new module of the American flag”: three lines with a ‘console.log’ printing the string ‘LIBERTY, LIBERTY, LIBERTY’, plus a Readme file linking to information about the project ‘What happened to Aaron Swartz’. The motivation would therefore appear to be a vindication of Swartz, founder of Reddit and the RSS specification, who decided to commit suicide in 2013.

Incorporating the commit causes applications based on these libraries to fail, including some related to the Amazon Cloud Dev Kit.

In the case of colors.js, it does appear that it has already been updated to a version that continues to work. Colors.js has about 22.4 million weekly downloads, while faker.js has 2.5 million.

Fortunately for the thousands of developers who work with Marak Squires's popular library, it seems that the latest update fixes the “bug”. For faker.js, the solution is to revert to a version prior to the update, 5.5.3. “Please know that we are working at this time to resolve the situation and will have a resolution shortly,” Squires wrote, probably sarcastically.
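A lockfile check for the faker.js remediation above, added here as an example and not code from the article or from either project: it reports every installed copy of faker, direct or transitive, that is newer than 5.5.3. The function names and the sample lockfile are constructed for illustration, and no threshold is set for colors.js because the article gives no version for it.

```javascript
// Added example: audit an npm lockfile for faker releases newer than 5.5.3,
// the version the article names as the one to revert to.
const LAST_GOOD = { faker: '5.5.3' }; // from the article; colors.js has no version given

// Compare two plain x.y.z versions numerically; prerelease tags are ignored.
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Return every installed copy (direct or transitive) newer than the known-good version.
function auditLock(lock) {
  const findings = [];
  const check = (name, version, where) => {
    if (LAST_GOOD[name] && version && cmp(version, LAST_GOOD[name]) > 0) {
      findings.push({ name, version, where, revertTo: LAST_GOOD[name] });
    }
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    check(path.split('node_modules/').pop(), meta.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree, used only when "packages" is absent.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, `${trail}/${name}`);
      walk(meta.dependencies, `${trail}/${name}`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return findings;
}

// Constructed sample lockfile (every version other than 5.5.3 is made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/faker': { version: '5.5.3' },
    'node_modules/seed-tool/node_modules/faker': { version: '9.9.9' },
  },
};
console.log(auditLock(sampleLock));
```

Running it against a real `package-lock.json` (for example `auditLock(require('./package-lock.json'))`) surfaces transitive copies that a direct pin in `package.json` would not cover.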

Two days after adding the corrupt commit, the developer explained on his personal Twitter account that GitHub had decided to suspend his account, despite it holding more than 100 projects. As The Verge points out, it would be a temporary ban, since the developer has been using his account intermittently.

As Bleeping Computer pointed out, the developer added and then deleted a GitHub message explaining that “respectfully, I will no longer support Fortune 500 companies with my free work. Take this as an opportunity to send me a six-figure annual contract or fork the project and have someone else work on it.” Fossbytes recalls that his neighbors had warned of his mental instability.



Reference-www.xataka.com