Open source developer corrupts widely-used libraries, affecting tons of projects


He pushed corrupt updates that trigger an infinite loop.

A developer appears to have purposefully corrupted a pair of open-source libraries on GitHub and the npm software registry, “faker.js” and “colors.js”, that thousands of users depend on, rendering any project that contains these libraries useless, as reported by Bleeping Computer. Both libraries still appear to be affected by the bad code, but the issue can be worked around by downgrading to a previous version (faker.js v5.5.3 and colors.js v1.4.0). GitHub has issued a security advisory about the issue affecting colors.js, but doesn’t seem to have added an advisory for faker.js.
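As an added example (not code from the article or from either project), a Node.js script that audits a `package-lock.json` for installed copies of `colors` or `faker`, including nested copies, whose version is newer than the known-good releases the article names; the lockfile fragment is constructed and the version strings in it are placeholders.

```javascript
// Added example: flag lockfile entries newer than the last known-good
// releases named in the article (faker.js 5.5.3, colors.js 1.4.0).
const KNOWN_GOOD = { colors: "1.4.0", faker: "5.5.3" };

// Minimal semver parse: "1.4.2-rc.1" -> { core: [1,4,2], pre: "rc.1" }
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Numeric compare of major.minor.patch; a prerelease sorts below its release.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// Walk the lockfile "packages" map (lockfileVersion 2/3). Keys look like
// "node_modules/colors" or "node_modules/x/node_modules/colors", so nested
// copies pulled in by other dependencies are checked too.
function auditLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    const good = KNOWN_GOOD[name];
    if (!good || !meta.version) continue;
    if (compareVersions(meta.version, good) > 0) {
      findings.push({ path, name, installed: meta.version, knownGood: good });
    }
  }
  return findings;
}

// Constructed sample lockfile (placeholder versions, not real project data).
const SAMPLE_LOCK = JSON.stringify({ lockfileVersion: 2, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/colors": { version: "1.4.1" },
  "node_modules/faker": { version: "5.5.3" },
  "node_modules/some-cli/node_modules/colors": { version: "1.4.0" },
}});

for (const f of auditLockfile(SAMPLE_LOCK))
  console.log(`${f.path}: ${f.installed} is newer than known-good ${f.knownGood}`);
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with `fs.readFileSync("package-lock.json", "utf8")`; an empty result means every installed copy is at or below the known-good version.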