A developer appears to have purposely corrupted a pair of open source libraries on GitHub and the npm software registry, “faker.js” and “colors.js”, on which thousands of users depend, rendering any project that contains these libraries useless, as Engadget reported recently. While the colors.js library appears to have been updated to a working version, faker.js still seems to be affected, but the problem can be fixed by downgrading to an earlier version (5.5.3).
Bleeping Computer found that the developer of these two libraries, Marak Squires, introduced a malicious commit (a file revision on GitHub) in colors.js that adds “a new American flag module”, and also released version 6.6.6 of faker.js, triggering the same destructive turn of events. The sabotaged versions cause applications to emit strange letters and symbols in an infinite loop, starting with three lines of text that say “FREEDOM FREEDOM FREEDOM”.
Even more curious, the readme for faker.js has also been changed to “What really happened to Aaron Swartz?” Swartz was a prominent developer who helped establish Creative Commons, RSS, and Reddit. In 2011, Swartz was accused of stealing documents from the JSTOR academic database in order to make them freely accessible, and then committed suicide in 2013. Squires’ mention of Swartz could refer to conspiracy theories surrounding his death.