Marak Squares ( Marak Squires ), author of popular packages colors (Color coloring node.js) and Faker (fictitious data generator for input fields) There are 2.8 and 25 million weekly downloads, placed new versions of their products in the NPM repository and on Github, including destructive changes, purposefully leading to failures at the assembly stage and the implementation of dependent projects. As a result of Marak’s actions, the work of many projects was broken, Including AWS CDK using the specified libraries – Colors library used in Quality dependency in 18953 projects, and Faker – in 2571.
The code library “colors” was added output to the text console “LIBERTY LIBERTY Liberty “and an infinite cycle that blocks the work of dependent projects and output flow from the distorted words” Tesing “. In the Faker Library Remote The contents of the repository, in Commit “EndGame” Add to .Gitignore and .nPmignore files to exclude project files, and instead of the contents of the Readme file, the question is located on
The case happened to Aaron Schwarz. “Problems are present in the versions of Colors 1.4.1+ and Faker 6.6.6.
In response to the perfect actions of GitHub blocked Marac’s access to your repositories (90 public + several private), and NPM has shut from a malicious version of the package. At the same time, the legality of Github actions causes Questions , since the deletion of code developer from one of its repositories cannot be considered as a violation of the rules of service. Moreover, on Colors and Faker packages clearly marked the absence of any guarantees and obligations in relation to Code performance.
Interestingly, the first warning about the termination of development was published over a year ago. In September 2020, Marak lost all the property due to Fire , after which in early November in an ultimative form called on Commercial companies using his projects to finance the continuation of development, otherwise he promised to stop support, as it does not intend to work more for free. Before the incident, the latest version of Colors was released