Applications using the open-source libraries ‘colors’ and ‘faker’ have been breaking and printing gibberish. These libraries serve hundreds of thousands of projects, with millions of weekly downloads for open-source projects like Amazon’s Cloud Development Kit. Projects that were using the code began to print messages, including text, such as ‘LIBERTY LIBERTY LIBERTY’, to the surprise of their developers and teams.
It was thought that these libraries had been compromised. However, it appears that the developer of these libraries has actually intentionally introduced mischievous commits into them. The developer of these libraries, Marak Squires, possibly put these mischievous codes in place in retaliation against corporations and commercial consumers who are using cost-free open-source projects while not giving back to the community.
Marak has previously spoken on this topic, saying “respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work. There isn’t much else to say.”
The post NPM libraries ‘colors’ and ‘faker’ corrupted appeared first on IT Security Guru.
Support the originator by clicking the read the rest link below.
