When open-source developers go bad

Chances are unless you’re a JavaScript programmer, you’ve never heard of the open-source Javascript libraries ‘colors.js‘ and ‘faker.js.” They’re simple programs that respectively let you use colored text on your node.js, a popular JavaScript runtime, console, and create fake data for testing. Faker.js is used with more than 2,500 other Node Package Manager (NPM) programs and is downloaded 2.4 million times per week. Colors.js is built into almost 19,000 other NPM packages and is downloaded 23 million times a week. In short, they’re everywhere. And, when their creator, JavaScript developer Marak Squires, fouled them up, tens of thousands of JavaScript programs blew up.

Thanks, guy.

This isn’t the first time a developer deliberately sabotaged their own open-source code. Back in 2016, Azer Ko├žulu deleted a 17-line npm package called ‘left-pad, ‘which killed thousands of Node.js programs that relied on it to function. Both then and now the actual code was trivial, but because it’s used in so many other programs its effects were far greater than users would ever have expected.  

Why did Squires do it? We don’t really know. In faker.js’s GitHub README file, Squires said, “What really happened with Aaron Swartz?” This is a reference to hacker activist Aaron

Read More: https://www.zdnet.com/article/when-open-source-developers-go-bad/#ftag=RSSbaffb68