Marak Squires, one open source developer active on GitHub, has deliberately distributed a update that corrupts two known libraries used by thousands of projects around the world causing numerous problems. The intent is to oppose the many companies, even the most important ones, which exploit open source code in their projects which then go on to bill millions of dollars.

Open source libraries colors.js and faker.js corrupted

More precisely, the two libraries involved are colors.js, which is used to add colors to javascript consoles and which has been downloaded over 23 million times on the NPM platform alone, and faker.js, which is used to generate fake data for demos and has been downloaded about 2.4 million times. Marak Squires would then update the code of the two libraries so that the US flag is shown in non-ASCII characters. The text is introduced by the words “LIBERTY LIBERTY LIBERTY”.

In addition, in the readme file of the faker.js library, the developer added the question “What really happened to Aaron Swartz”. For those who don’t know or don’t remember, Aaron Swartz was a free software business and developer. As of April 2011, he was accused of downloading 4.8 million articles from the JSTOR digital academic archive with the intention of distributing them for free. He was later released on bail, but faced up to 50 years in prison. Always pleading innocent, he committed suicide in 2013.

The GitHub account of Marak Squires it was suspended on January 6th, after the corrupt update was integrated into the faker.js library. During the same day the previous version of faker.js without the “liberty” update was restored on NPM. On January 7, he then introduced the new version of colors.js, so it’s unclear whether the account is still suspended or not.