An open-source developer intentionally corrupted his own libraries that have been used by thousands of projects.
Users of open-source projects that depend on the ‘colors’ and ‘faker’ libraries by Marak Squires were confronted with their applications indefinitely printing gibberish messages on their console—rendering them useless.
The colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects depending on it. The faker library receives over 2.8 million weekly downloads on npm and has over 2,500 dependents.
Messages printed to the console began with “LIBERTY LIBERTY LIBERTY” which quite clearly shows the problems were down to more than just an innocuous mistake.
So, what’s going on? An ‘Issue’ posted by Squires on the faker project’s GitHub from November could provide some idea.
“Respectfully, I am no longer going to support Fortune 500s (and other smaller sized companies) with my free work,” wrote Squires.
“Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it.”
In a tweet from a month earlier, Squires says that he lost all of his stuff in an apartment fire and requested cash to help remain “unhomeless”:
It’s understandable that Squires felt that he should be getting paid for his contributions, especially given the circumstances, but it’s hard to justify harming all users of the libraries:
The Readme.md of faker was also changed to “What really happened with Aaron Swartz?” in an apparent reference to conspiracy theories around the high-profile developer’s death.
Swartz helped to establish Creative Commons, Reddit, and RSS, but in 2011 was charged with stealing documents from JSTOR with the intention of making them free. In 2013, Swartz committed suicide.
Squires had access to GitHub suspended for violating its terms of service – despite hosting hundreds of his private and public projects – but it appears that has since been lifted with recent activity coming from his account.
Editor’s note: If you are thinking about committing suicide, please know that people care about you and seek professional help. You can find a list of national helplines here.
(Photo by Michael Dziedzic on Unsplash)
Looking to revamp your digital transformation strategy? Learn more about Digital Transformation Week taking place on 11-12 May 2022 and discover key strategies for making your digital efforts a success.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
