
GitHub developer corrupts popular libraries

A developer has corrupted a pair of popular open-source libraries on Microsoft-owned platform GitHub, leaving thousands of users stunned. The developer has since been suspended from the open-source platform.


11 Jan 2022 2:24 AM IST

New Delhi: A developer has corrupted a pair of popular open-source libraries on Microsoft-owned platform GitHub, leaving thousands of users stunned. The developer has since been suspended from the open-source platform.

The open-source libraries 'faker' and 'colors', which thousands of users depend on, started producing gibberish data and breaking after their developer intentionally introduced an infinite loop that bricked thousands of projects that depend on them, reports BleepingComputer.

While it looks like colors.js has been updated to a working version, faker.js still appears to be affected.

"The 'colors' library receives over 20 million weekly downloads on software npm alone, and has almost 19,000 projects depending on it. Whereas, 'faker' receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents," the report said on Sunday.

The developer, Marak Squires, introduced a malignant commit (a file revision on GitHub) to colors.js that adds "a new American flag module," and also rolled out version 6.6.6 of faker.js, triggering the same destructive turn of events.

Several users of popular open-source projects, such as Amazon's Cloud Development Kit, were left in shock after they saw their applications print gibberish messages on their console.

These messages included the text 'LIBERTY LIBERTY LIBERTY' followed by a sequence of non-ASCII characters, according to the report.

Squires later posted an update on GitHub to address the bug, which refers to the glitchy text that the corrupt files produce.
