The developer of two of the most popular open source NodeJS libraries has decided to corrupt them, affecting millions of users

With nearly 25 million combined downloads each week, Colors.js and Faker.js are two of the most popular NPM libraries: two open source projects distributed through the ‘Node Package Manager’, the package manager for NodeJS, a popular JavaScript environment. Despite the great reputation of these open source libraries, thousands of projects stopped working overnight because they depend on them.

The reason is none other than the decision of Marak Squires, developer of these two libraries, to corrupt his own widely used work.

GitHub suspends the account of this popular developer with more than 100 projects

The developer pushed a commit that added five lines of code, an update titled “Add new module of the American flag”: three lines for ‘console.log’ calls printing a string with the message ‘LIBERTY, LIBERTY, LIBERTY’, plus a Readme file linking to information about the project ‘What happened to Aaron Swartz’. The motivation would therefore appear to be a vindication of Swartz, founder of Reddit and of the RSS specification, who took his own life in 2013.

Incorporating the commit causes applications based on these libraries to fail, including some related to the Amazon Cloud Dev Kit.


In the case of colors.js, it does appear that it has already been updated to a version that continues to work. Colors.js has about 22.4 million weekly downloads, while faker.js has 2.5 million.

Fortunately for the thousands of developers who work with Marak Squires's popular library, it seems that the latest update fixes the “bug”. For faker.js, the solution is to revert to a version prior to the update, 5.5.3. “Please know that we are working at this time to resolve the situation and will have a resolution shortly,” Squires wrote, probably sarcastically.
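A check a team could run to confirm the rollback took effect, as an added example that is not code from the article or from the faker.js project. It treats 5.5.3, the version the article names, as the last known-good release; the function names, the sample manifest and lockfile, and the version 9.9.9 are constructed for illustration.

```javascript
// Added example: audit a project for faker versions newer than the known-good pin.
// KNOWN_GOOD comes from the article; all other names and sample data are constructed.
const KNOWN_GOOD = { faker: '5.5.3' };

// Parse "x.y.z" (ignoring any prerelease/build suffix) into three numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Return -1, 0 or 1 comparing two parsed versions.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// manifest: parsed package.json; lock: parsed package-lock.json ("packages" map, lockfileVersion 2/3).
function audit(manifest, lock) {
  const findings = [];
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  for (const [name, good] of Object.entries(KNOWN_GOOD)) {
    const range = declared[name];
    // Anything other than an exact x.y.z pin can float to a later release on the next install.
    if (range !== undefined && !/^\d+\.\d+\.\d+$/.test(range)) {
      findings.push({ name, kind: 'floating-range', value: range });
    }
    // Check every installed copy, including nested transitive ones.
    for (const [path, entry] of Object.entries(lock.packages || {})) {
      if (path !== `node_modules/${name}` && !path.endsWith(`/node_modules/${name}`)) continue;
      const v = parseVersion(entry.version || '');
      if (!v || compare(v, parseVersion(good)) > 0) {
        findings.push({ name, kind: 'newer-than-known-good', value: entry.version, path });
      }
    }
  }
  return findings;
}

// Constructed sample input (9.9.9 is a made-up version number).
const sampleManifest = { dependencies: { faker: '*' } };
const sampleLock = { packages: {
  'node_modules/faker': { version: '5.5.3' },
  'node_modules/some-tool/node_modules/faker': { version: '9.9.9' },
} };
console.log(audit(sampleManifest, sampleLock));
```

The nested entry is the case a top-level rollback misses: a transitive dependency can still carry its own newer copy.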

Two days after adding the corrupt commit, the developer explained on his personal Twitter account that GitHub had decided to suspend his account, despite his having more than 100 projects. As The Verge points out, it would be a temporary ban, since the developer has been using his account intermittently.

As Bleeping Computer pointed out, the developer added and then deleted a GitHub message explaining that “respectfully, I will no longer support Fortune 500 companies with my free work. Take this as an opportunity to send me a six-figure annual contract or fork the project and have someone else work on it.” Fossbytes recalls that his neighbors had warned of his mental instability.

Source: Xataka by
