It was a hot Monday for many developers. The author of very popular open-source libraries intentionally introduced a serious error and published it. Hundreds of thousands of dependent projects have been affected, and we are wondering whether this is just another interesting story or a signal for the industry.

The protagonists of this drama, colors and faker, are NPM packages used in applications that run in the Node.js environment, for example in the dobreprogramy service. The colors library lets you color text printed in the console and is often used by developers themselves when debugging or monitoring an application. It is extremely popular, with 23 million downloads per week. The faker package generates random, fake data (e.g. names, e-mail addresses) for testing an application. It is "a little" less popular, with just 2.5 million downloads each week.

In Poland, it is a long weekend shortly after the New Year, while some people around the world are busy publishing new versions of their libraries. Among them is Marak Squires, author of colors and faker, among others. Programmers whose projects use at least one of these two dependencies were surely very surprised when they came to work on Monday. For example, the new faker practically stopped working, and colors, after being updated, fell into an infinite loop and printed the words "LIBERTY LIBERTY LIBERTY" and tons of random characters on the screen. As a result, the application hung.