In apparent protest of mega-corporations, a developer damaged their own open-source libraries, damaging thousands of apps
A programmer who created two widely used open-source code libraries allegedly damaged their own work in protest of huge corporations using the code for free.
As a result, according to the tech news site Bleeping Computer, some users of the updated code saw their projects fail or print gibberish on their screens.
The programmer’s account appears to have been suspended after both libraries were hosted on GitHub’s open-source repository, NPM. Many big companies utilise GitHub, a Microsoft-owned software development site, to organise and exchange computer code.
Colors.js, for example, has over 23 million weekly downloads and is used in approximately 19,000 projects. The other, “Faker.js,” has 2.4 million weekly downloads and is used in over 2,500 applications.
Faker.js and Colors.js, for example, are essentially shortcuts for developers, allowing them to easily add simple features to their software without having to reinvent the wheel with each new project.
In many situations, developers configure their programme to download and use the most recent versions of those libraries, which are hosted on services such as GitHub’s NPM.
However, when something goes wrong — as it did here — it can lead to a chain reaction of problems in everything that relies on that library. When a single programmer deleted an NPM package containing 11 lines of code in 2016, he destroyed large portions of the internet’s underlying software.
Users of the Amazon Web Services Cloud Development Kit shared screenshots of their programming terminals, which showed the phrase “LIBERTY LIBERTY LIBERTY” displayed three times and then a cloud of unreadable text characters.
The programmers behind the libraries also made a public statement about the Colors library, where they exchanged caustic words while other users requested assistance in resolving the issues it caused in their projects.
“As much as we’d prefer to go back to a previous working version,” he added, “we strongly believe it’s best if we can fix the actual problem rather than travelling back in time.”
In response to downstream applications that rely on code libraries to be maintained in good faith, one critic dubbed the move “dependency terrorism.”
Bleeping Computer discovered an older post by the coder that may hint at a possible purpose for the sabotage.
In 2020, the developer commented, “I am no longer going to support Fortune 500s (and other lower sized companies) with my free efforts.” “Use this as an opportunity to offer me a six-figure annual contract or delegate the project to someone else.”
The episode highlights the continuous conflict between independent developers who build open-source software for free and huge tech businesses who incorporate it into for-profit applications and services.
The current version number for Faker.js is 6.6.6, with the text “What actually happened to Aaron Swartz?” – a likely reference to QAnon conspiracy theories regarding the Reddit cofounder’s 2013 suicide that have recently been circulating.
