Projects that pull in a large number of open source dependencies inherit whatever goes wrong inside them. As a recent incident shows, what goes wrong need not be technical in origin; it can be deliberate. The open source libraries faker.js and colors.js were intentionally sabotaged by their own maintainer, Marak Squires.
Developers who relied on the libraries will have run into numerous problems with the latest versions; reports mention infinite loops and assorted other errors.
Millions of downloads a week flow into a single open source library
faker.js, a library for generating demo data, is downloaded about 2.5 million times a week, so the blast radius of a broken release is huge. Version 6.6.6 is no longer functional. Rolling back to version 5.5.3, the last release before the sabotage, avoids the problems, provided the dependency is pinned to that exact version so a floating version range does not pull the broken release back in on the next install.
Reaction to the sudden sabotage of the code is mixed
Anyone following the discussion will quickly notice two camps. Some would like to see more such actions, usually with the stated goal of creating financial pressure to fund open source projects. Others sharply criticize the move, pointing out that charitable projects suffer as well and that small businesses are put in a bind.
Dependencies on open source libraries should be monitored and reduced
Pulling in code that independent third parties can change at will is a risk. Companies that take information security seriously should therefore treat dependency management as a task in its own right: keep an inventory of what is installed, pin dependencies to reviewed versions, and check each update before it reaches a build, rather than letting a package manager resolve "latest" on its own.
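The following is an added example, not code from the article or from the faker.js or colors.js projects, showing the two checks the paragraphs above call for on an npm project: flagging dependency ranges that are not exact pins (a caret, tilde, wildcard or comparison range can silently resolve to a new release on the next install), and comparing the versions resolved in package-lock.json against a reviewed allowlist. The package.json and lockfile contents are constructed inline; faker 5.5.3 as the known-good version and 6.6.6 as the broken one come from the article, while the "example-app" project name, the colors pin and the allowlist itself are assumptions for the example.

```javascript
// Added example: audit dependency declarations and a lockfile for
// floating ranges and for resolved versions outside a reviewed allowlist.
// Inputs are constructed for the example (see comments below).

// Exact pin: major.minor.patch, optionally an exact prerelease tag,
// and no range operators at all.
function isExactPin(range) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(String(range).trim());
}

// Walk the dependency sections of a package.json object and report every
// range that a package manager is allowed to resolve to a newer release.
function findFloatingDeps(pkg) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      if (!isExactPin(range)) findings.push({ section, name, range });
    }
  }
  return findings;
}

// package-lock.json (lockfileVersion 2/3) lists resolved packages under
// "packages", keyed by install path: "node_modules/faker", or
// "node_modules/a/node_modules/@scope/b" for a nested install. The root
// project is keyed by the empty string.
function packageNameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Report every tracked package whose resolved version is not on the
// allowlist. Packages not listed in the allowlist are left alone.
function checkLockAgainstAllowlist(lock, allowlist) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockPath(lockPath);
    if (name === null) continue;          // root project entry
    const allowed = allowlist[name];
    if (allowed === undefined) continue;  // not a package we track
    if (!allowed.includes(entry.version)) {
      findings.push({ name, installed: entry.version, allowed });
    }
  }
  return findings;
}

// Constructed sample input: a project that declares faker with an open
// ">=" range, and whose lockfile has therefore resolved it to the broken
// 6.6.6 release. The colors pin and mocha range are assumptions.
const SAMPLE_PACKAGE_JSON = {
  name: 'example-app',
  dependencies: { faker: '>=5.5.3', colors: '1.4.0' },
  devDependencies: { mocha: '~9.1.0' },
};

const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app' },
    'node_modules/faker': { version: '6.6.6' },
    'node_modules/colors': { version: '1.4.0' },
    'node_modules/mocha': { version: '9.1.3' },
  },
};

// Reviewed, known-good versions (assumption for the example; 5.5.3 is the
// last faker release before the sabotaged 6.6.6).
const ALLOWLIST = { faker: ['5.5.3'], colors: ['1.4.0'] };

function runAudit(pkg = SAMPLE_PACKAGE_JSON, lock = SAMPLE_LOCK, allowlist = ALLOWLIST) {
  return {
    floating: findFloatingDeps(pkg),
    disallowed: checkLockAgainstAllowlist(lock, allowlist),
  };
}

const report = runAudit();
for (const f of report.floating) {
  console.log(`floating range: ${f.section}.${f.name} = "${f.range}" (pin it)`);
}
for (const d of report.disallowed) {
  console.log(`disallowed version: ${d.name}@${d.installed}, allowed: ${d.allowed.join(', ')}`);
}
```

Run against the sample, the audit flags faker's ">=5.5.3" and mocha's "~9.1.0" as floating ranges and faker@6.6.6 as a version not on the allowlist; colors stays quiet because it is both pinned and resolved to an allowed version. In a real pipeline the two JSON objects would be read from disk and a non-empty report would fail the build.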