Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors and 'faker'. The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it. Whereas, 'faker' receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there's more to the story.

www.bleepingcomputer.com

 

[upnorth]

The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

"Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it."

 

[upnorth]

Neighbor on Queens man with bomb-making equipment: 'Obviously the man is sick'

The investigation continues into the discovery of bomb-making materials after a fire inside a home in Queens, and the neighbor who first noticed something strange is speaking out about what led authorities to the suspect.

abc7ny.com