Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps

Come to think of it, the whole edifice we have built is rather worrying: an enthusiast writes some code, and then thousands of companies reuse it without checking it…

It is not a problem with an easy solution. Perhaps it admits no solution at all, in which case it is not a problem but a fact of life.

Source: Bleepingcomputer

Users of popular open-source libraries ‘colors’ and ‘faker’ were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there’s much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on ‘colors’ and ‘faker.’

The colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects relying on it. Whereas, faker receives over 2.8 million weekly downloads on npm, and has over 2,500 dependents.

Continue reading here: Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps
