A Developer Corrupts Widespred Libraries
Published: January 12, 2022
According to info from Bleeping Computer, developer Marak Squires recently corrupted two widely used open-source libraries, disrupting tons of projects in the process. He appears to have intentionally altered “color.js” and “faker.js” on GitHub and the software registry npm.
Squires introduced a malignant commit (a file revision on GitHub) to “color.js,” which added “a new American flag module.” He then rolled out a version of “faker.js” that caused apps to produce three lines of text saying “LIBERTY LIBERTY LIBERTY,” followed by infinite loops of letters and symbols.
However, it seems that “color.js” has been reverted to a working version, while “faker.js” is still experiencing technical issues.
What’s more, the “faker.js” Readme file was cryptically renamed “What really happened to Aaron Swartz?” Swartz was a computer programmer that helped create RSS, Reddit, and Creative Commons.
He was charged with stealing documents from an academic database in 2011. The purpose behind this theft was to make the information accessible to the public. Sadly, he took his own life in 2013.
Squires addressed the problem on GitHub in a presumably sarcastic manner, stating that he was aware of the problem and currently working on a solution. And just two days after performing the corrupt update to “faker.js,” he tweeted that his GitHub account had been suspended.
The Verge inquired but didn’t hear back from GitHub about Marak’s account suspension.
Additionally, a 2020 post by Squires said he would no longer support Fortune 500s with his free work.
This issue seems to highlight the problems with using open-source development, as thousands of websites, apps, and software rely on it and have come to expect it all for free.