Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps(Bleeping Computer)
Monday January 10, 2022. 04:20 PM , from LWN.net
Bleeping Computer reports
on the latest NPM mess: the developer of the 'faker' module deleted the
code and its development history from GitHub (with a force push), replaced
it with a malicious alternative, and broke dependencies for numerous
The reason behind this mischief on the developer's part appears to
be retaliation—against mega-corporations and commercial consumers
of open-source projects who extensively rely on cost-free and
community-powered software but do not, according to the developer,
give back to the community.
GitHub has evidently called this action a violation of its terms of
service and disabled the owner's account; NPM has restored a previous
version of the code.
May, Wed 18 - 11:39 CEST