Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps (Bleeping Computer)

[Development] Posted Jan 10, 2022 15:20 UTC (Mon) by corbet

Bleeping Computer reports on the latest NPM mess: the developer of the "faker" module deleted the code and its development history from GitHub (with a force push), replaced it with a malicious alternative, and broke dependencies for numerous applications.

The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

GitHub has evidently called this action a violation of its terms of service and disabled the owner's account; NPM has restored a previous version of the code.


Copyright © 2022, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.