Open source developer corrupts widely-used libraries, affecting tons of projects

by Emma Roth, from The Verge

A developer appears to have purposefully corrupted a pair of open-source libraries on GitHub and the software registry npm (faker.js and colors.js) that thousands of users depend on, rendering any project that contains these libraries useless, as reported by Bleeping Computer. While it looks like colors.js has been updated to a working version, faker.js still appears to be affected, but the issue can be worked around by downgrading to a previous version (5.5.3).

The sabotaged versions cause applications to infinitely output strange letters and symbols

Bleeping Computer found that the developer of these two libraries, Marak Squires, introduced a malignant commit (a file revision on GitHub) to colors.js that adds a new American flag...
