Description


Open source developer corrupts widely-used libraries, affecting tons of projects
https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected
npm libraries in question:
https://github.com/Marak/colors.js
https://github.com/marak/Faker.js/
Marak's post about no more free work: http://web.archive.org/web/20210704022108/https://github.com/Marak/faker.js/issues/1046
left-pad issue from 2016: https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

Got suggestions, complaints, or feedback?
Tell us at podcast@secureideas.com or reach out on Twitter:
https://twitter.com/sweaney
https://twitter.com/darth_kevin
https://twitter.com/secureideas
Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!