Developer deliberately messed up the colors and faker npm libraries due to the assassination of Aaron Schwartz

Faker and colors npm libraries
Written by Emma Davis

Late last week, thousands of projects that rely on the open source npm libraries faker and colors, which have over 20 million weekly downloads via npm alone, discovered that both libraries were malfunctioning, thus affecting the performance of their own products.

Both libraries extracted gibberish instead of code, preceded by the words “LIBERTY LIBERTY LIBERTY”. In particular, everyone using the Amazon Cloud Development Kit has had problems.

Faker and colors npm libraries

At first, many assumed that the developer of faker and colors, Marak Squires, was simply hacked, but it soon became clear that this was not the case. The author himself messed up his code, and the readme file accompanying the malicious update showed a message:

“What really happened to Aaron Schwartz?” He duplicated the same message on Twitter, attaching a link to Reddit, where it was condemned that Schwartz was killed after he discovered child porn on the servers of the Massachusetts Institute of Technology.

Squires called the update “the American flag module”, as the ASCII gibberish that occurs when launching libraries was supposed to resemble the American flag.


Aaron Schwartz is a famous American programmer, writer and activist who committed suicide in 2013 under strange circumstances.

During his lifetime, Schwartz participated in the creation of Reddit, actively fought against censorship on the Web (in particular, opposed SOPA and PIPA), was a member of the RDF group in the World Wide Web Consortium (W3C).

Shortly before his death, Schwartz was accused of downloading and intending to release documents from the JSTOR library to the public. He was threatened with thirty years in prison and multimillion-dollar fines. Soon, Schwartz committed suicide without even leaving a note.

Many of the craziest theories have arisen around Schwartz’s death, and many are still convinced that the government actually assassinated the activist.

Apparently, Squires decided to mess up the faker and colors code for revenge on corporations and commercial consumers of open-source solutions. This is because they often rely on community-backed free software, but Squires says they don’t give the community anything in return. Back in November 2020, the developer wrote that he was no longer going to support corporations and do “free work” for them. He advised commercial organizations to consider forking or paying him a six-figure salary.

With all due respect, I am no longer going to support [the] Fortune 500 (and other smaller companies) with my free work. I have nothing more to say. Use this opportunity to send me a six-figure annual contract or fork the project for someone else to work on.Squires wrote.

Squires’ act caused a mixed reaction in the community. While some called his actions “a bold move”, others expressed bewilderment and called the deed irresponsibility, and Squires – a fraud.

Apparently the author of colors.js is angry about not getting paid … So he decided to print the American flag every time his library is loaded … WTF.wrote one user.
If you have a problem with a business that uses your free code for free, do not post the free code. By sabotaging your own widely used projects, you harm not only big business, but everyone who uses them. This teaches people not to update, because something can break.said an expert at VessOnSecurity.

Later it became known that Squires’ account on GitHub was blocked, which caused another round of network disputes. So, many are perplexed when deleting or corrupting their own code became a violation of the GitHub rules, while others gloatingly note that after disabling thousands of other people’s projects, it would be strange to wait for a different outcome.

You may also be interested to read what GitHub specialists talked about vulnerabilities in npm and that 17 malicious npm packages stole Discord tokens.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.