A developer called Marak Squires has corrupted a pair of popular open-source libraries on Microsoft-owned platform GitHub, leaving thousands of users stunned. The developer has since been suspended from the open-source platform.
The open source libraries — faker and colors — that thousands of users depend on, started producing gibberish data and breaking after the developer of these libraries intentionally, introduced an infinite loop that bricked thousands of projects that depend on colors and faker, reports BleepingComputer.
While it looks like color.js has been updated to a working version, faker.js still appears to be affected.
The colors library receives over 20 million weekly downloads on software npm alone, and has almost 19,000 projects depending on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.
The developer, Marak Squires, introduced a malignant commit (a file revision on GitHub) to colors.js that adds a new American flag module, as well as rolled out version 6.6.6 of faker.js, triggering the same destructive turn of events.
It left several users of popular open-source projects, such as Amazon’s Cloud Development Kit, left in shock after they saw their applications print gibberish messages on their console.
These messages included the text LIBERTY LIBERTY LIBERTY followed by a sequence of non-ASCII characters.
Squires later posted an update on GitHub to address the bug, which refers to the glitchy text that the corrupt files produce.
“Please know we are working right now to fix the situation and will have a resolution shortly,” he wrote.
Squires later posted a tweet, saying he has been suspended from GitHub.
GitHub was yet to make an official statement on the development.
The open-source platform is currently making headlines in India as the two controversial and derogatory Sulli Deals and Bulli Bai apps were created on GitHub. The access of GitHub was with all the members of the groups behind those apps.