According to Bleeping Computer, a developer appears to have purposely damaged two open source libraries on GitHub and the software registry npm “faker.js” and “colors.js” that thousands of users rely on, rendering any project that includes these libraries worthless. While it appears that color.js has been upgraded to a functioning version, faker.js appears to be still be affected; however, the problem can be resolved by reverting to an earlier version (5.5.3).
A developer appears to have purposefully broken two open source libraries on GitHub as well as the software registry npm “faker.js” and “colors.js” that thousands of users rely on, according to Bleeping Computer, leaving any project that incorporates these libraries useless. While color.js looks to have been upgraded to a working version, faker.js appears to be still be affected; however, the issue can be rectified by reverting to a previous version (5.5.3).
Even worse, the readme file for faker.js has been modified to “What really happened with Aaron Swartz?” Swartz was a well known programmer who contributed to the creation of Creative Commons, RSS, and Reddit. Swartz was charged in 2011 with stealing documents from the academic database JSTOR in order to make them freely available, and he later committed suicide in 2013. The mention of Swartz by Squires could be a reference to the conspiracy theories surrounding his death.
Squires responded by posting an update on GitHub to solve the “zalgo issue,” which refers to the glitchy text produced by the faulty files. “It’s come to our attention that the v1.4.44-liberty-2 release of colours contains a zalgo problem,” Squires says, probably sarcastically. “Please know that we are working to resolve the matter right now and will have a resolution soon.”