Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

This page summarizes the projects mentioned and recommended in the original post on /r/webdev.

  • colors.js

    get colors in your node.js console

    GitHub did not revert code (go check the repo https://github.com/Marak/colors.js/commit/6bc50e79eeaa1d87369bb3e7e608ebed18c5cf26). Npmjs did with both faker and colors. This is in their policy and has been the procedure in many instances of malicious updates (e.g. left-pad, uaparser, and many more).

  • faker.js

    Discontinued. Generate massive amounts of fake data in the browser and node.js [Moved to: https://github.com/faker-js/faker] (by faker-js)

    For anyone needing it, here's the community-maintained version of faker.js.

  • aws-cli

    Universal Command Line Interface for Amazon Web Services

    What makes GitHub's actions shitty? Marak's colors had 22 million downloads, including aws-cli. Blanking out a large repository like that, without so much as a warning, is irresponsible and choosing to partake in conspiracy theories is even more so.

  • uvloop

    Ultra fast asyncio event loop.

    Take a look at these guys: https://github.com/MagicStack They are a consultancy that obviously can make good stuff, their libraries are widely used by the Python community. This is how I would monetize your library honestly. It is a source of trust that can unlock other opportunities that would be much harder to obtain without it.

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
