Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
2022-01-09 14:17

Users of the popular open-source libraries 'colors' and 'faker' were left stunned after they saw applications that use these libraries printing gibberish data and breaking.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker'.

The colors library receives over 20 million weekly downloads on npm alone, and has almost 19,000 projects depending on it.

The developer behind popular open-source NPM libraries 'colors' and 'faker' intentionally introduced mischievous commits in them that are impacting thousands of applications relying on these libraries.

"Marak yeeted faker and colors, bricking tons of projects, and expected nothing to happen?" stated a developer named Piero.

Downgrading to an earlier version of colors and faker is one solution.


News URL

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/