GitHub developer corrupts popular open source libraries, suspended

The open source libraries -- 'faker' and 'colors' -- that thousands of users depend on, started producing gibberish data and breaking after the developer of these libraries intentionally, introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker', reports BleepingComputer.

While it looks like color.js has been updated to a working version, faker.js still appears to be affected.

"The 'colors' library receives over 20 million weekly downloads on software npm alone, and has almost 19,000 projects depending on it. Whereas, 'faker' receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents," the report said on Sunday.

The developer, Marak Squires, introduced a malignant commit (a file revision on GitHub) to colors.js that adds "a new American flag module," as well as rolled out version 6.6.6 of faker.js, triggering the same destructive turn of events.

It left several users of popular open-source projects, such as Amazon's Cloud Development Kit, left in shock after they saw their applications print gibberish messages on their console.

These messages included the text 'LIBERTY LIBERTY LIBERTY' followed by a sequence of non-ASCII characters, according to the report.

Squires later posted an update on GitHub to address the bug, which refers to the glitchy text that the corrupt files produce.

"Please know we are working right now to fix the situation and will have a resolution shortly," he wrote.

Squires later posted a tweet, saying he has been suspended from GitHub.

GitHub was yet to make an official statement on the development.

The open-source platform is currently making headlines in India as the two controversial and derogatory 'Sulli Deals' and 'Bulli Bai' apps were created on GitHub.

The access of GitHub was with all the members of the groups behind those apps.

--IANS na/dpb

( 334 Words)

2022-01-10-10:36:03 (IANS)