A developer appears to have purposefully corrupted a pair of open-source libraries on GitHub and software registry npm. The issue can be worked around by downgrading to a previous version.
The sabotaged versions cause applications to infinitely output strange letters and symbols, beginning with three lines of text that read ‘liberty liberty liberty’.
Swartz was a prominent developer who helped establish Creative Commons, RSS, and Reddit. In 2011, Swartz was charged with stealing documents from the academic database JSTOR with the purpose of making them free to access. He later committed suicide in 2013.
Users turned to GitHub’s bug tracking system to voice concerns about the issue. faker.js sees nearly 2.5 million weekly downloads on npm, and colors.js gets about 22.4 million downloads per week.
In response to the problem, Squires posted an update on GitHub to address the ‘Zalgo issue’, which refers to the glitchy text that the corrupt files produce. ‘It’s come to our attention that there is a Zalgo bug in the v1.4.44-liberty-2 release of colors,’ the update reads.
Npm has reverted to a previous version of the faker.js package. Github has suspended my access to all public and private projects.
Two days after posting a corrupt update to faker.js, Squires tweeted that he’s been suspended from GitHub. It’s unclear whether Squires’ account has been banned again.
BleepingComputer dug up one of Squires’ posts on GitHub from November 2020, in which he declared he no longer wants to do free work. ‘Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it,’ he said.