It seems that a developer is intentionally sabotaging open source libraries, specifically on GitHub and npm. Some of the open source libraries affected include faker.js and colours.js, which will impact thousands of users worldwide.
According to Bleeping Computer, developer Marak Squires added malicious commits on GitHub, such as the American flag.
This sabotage causes open source applications to add infinite characters and strange symbols, starting with “Freedom, Freedom, Freedom”.
Within the faker.js file, he changed its title to “What actually happened to Aaron Swartz?”, a famous open-source developer.
Swartz helped in founding Creative Commons, RSS, and Reddit, and in 2011 was charged with stealing documents from the JSTOR academic database.
By doing so, he made them available for free to open-source software developers, although he committed suicide in 2013, sparking theories about his death.
Some users, including Amazon cloud workers, faced issues on GitHub, expressing their concern about this issue.
On the other hand, Faker.js has about 2.5 million npm downloads, while colours.js has another 22.5 million downloads, indicating global impacts.
Among the issues with faker.js, it generates incorrect data for demos, while color.js adds colors to JavaScript console logs.
The open-source creator Squires, who caused the damage, posted on his Twitter, “We noticed an error in the colours version 1.4.44-Liberty-2.”
Based on comments, users remarked that this was sarcastic and even mocked the serious issue caused by the developer.
Two days after a successful update, GitHub closed Squires’ account, despite having hundreds of his projects on the site.
