January 9, 2022 08:58 pm
Original Link: https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected
Open source developer corrupts widely-used libraries, affecting tons of projects
A developer appears to have purposefully corrupted a pair of open-source libraries on GitHub and software registry npm — “faker.js” and “colors.js” — that thousands of users depend on, rendering any project that contains these libraries useless, as reported by Bleeping Computer. While it looks like color.js has been updated to a working version, faker.js still appears to be affected, but the issue can be worked around by downgrading to a previous version (5.5.3).
Bleeping Computer found that the developer of these two libraries, Marak Squires, introduced a malignant commit (a file revision on GitHub) to colors.js that adds “a new American flag...
Original Link: https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected
Share this article:
Tweet
View Full Article
The Verge
The Verge is an ambitious multimedia effort founded in 2011More About this Source Visit The Verge