As intelligent as humans are known to be, we do have our fair share of cognitive limitations. For instance, every once in a while, we encounter a situation where we fail to see the entire picture. This results in a human approach that barely fulfils all the obligations in play. Now, like you would expect, such a dynamic almost always leaves a negative impact on us. Hence, in a bid to nullify its powers, we have developed various methodologies, each one designed to work in a unique manner. In hindsight, if we take a moment to assess how these methodologies have fared, we’ll see that even though their granular effect is too dissimilar for conducting any viable comparison, there is a particular one which went above and beyond to race ahead of the rest. The said method talks to a concept called technology. Technology’s success story is often mistakenly considered as some really obscure compilation of gazillion advancements, but in reality, it’s a story constructed around basic elements like efficiency and convenience. However, the simplified foundations couldn’t save us from having to pay a significant price, and we did so through the sacrifice of our security. Ever since technology has arrived on the scene, alongside the benefits, we also had to deal with some major security issues. The iterations of this threat are way too many to count, and yet we have one more joining the pack.
According to a report from Bleeping Computer, an open-source developer named Marak Squires deliberately corrupted a pair of widely-used libraries on GitHub and software registry npm, faker.js and colors.js. The integration of certain malicious components into these libraries means any project currently relying on them needs to start afresh. To get a gist regarding how far the ripple effects might reach, we can look at the reported figures for weekly downloads, which are 22.4 million in colors.js’ case, and 2.5 million for faker.js. The sabotage made itself apparent once several users started complaining that their applications were producing strange letters and symbols, always beginning with the text “LIBERTY LIBERTY LIBERTY”
At present, the motive behind the move is unclear; however, there are some readymade leads available. One lead goes through the renaming of faker.js Readme file that was changed to “What really happened with Aaron Swartz?”, indicating links to a prominent developer, who was charged for stealing documents from the academic database JSTOR. Swartz allegedly wanted make them accessible without any costs, but two years after he was charged, the developer committed suicide.
In response to the attack, colors.js has been updated to a working version. On the other hand, though, faker.js remains affected.. Apart from that, GitHub also banned Squires from the platform.